Overview

overview

3

Static

static

3

silence-workspace.exe

windows7-x64

1

silence-workspace.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-08-2024 16:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    silence-workspace.exe

  • Size

    1.6MB

  • MD5

    97d8c6ad9269c4c236189f67239e5ad7

  • SHA1

    80ad383e774a8f6b528ae0bc64ea2a4bdeade14f

  • SHA256

    2048c60fe0ac7826ce42ee5717a82632347659fba3a0dec1f4f00230fcd24a26

  • SHA512

    0010c74afabe0180d70f50fb3f89739b798aaf6c8f9cc70655f7ef735cd19d14462a60c992a89880838910106ffd1034f3bb3d97abe55f8ae189f88e84b0abff

  • SSDEEP

    24576:Ft7JH2OYG2PUEw6h2lZozPHurhEwgj5U8pf7bSrnyVUn/7oUVcnl0jjx6CAK5:37xTt2PLwcsoLOrKwgSS6WUnzoUenl0

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe
    "C:\Users\Admin\AppData\Local\Temp\silence-workspace.exe"
    1⤵
      PID:2296
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2580
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4216

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2580-0-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-1-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-2-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-9-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-12-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-10-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-11-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-8-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-6-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2580-7-0x000002E0A3900000-0x000002E0A3901000-memory.dmp

        Filesize

        4KB

        Download