Analysis
-
max time kernel
96s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
28/09/2024, 12:23
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ua.exe
Resource
win7-20240729-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
ua.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
ua.exe
-
Size
5.6MB
-
MD5
53138f8c713ad1fea892cec51658a1da
-
SHA1
f2fa0977a7c3c250d573d10622ab8c0a40596c22
-
SHA256
20fe23ed0cd5ace464a9201a8a71672d46dc3b6b4091bcd21d40c4ddd0c485d4
-
SHA512
393f6fa52ab11c86dcf1ac266d047f493d442f160136098150701926720f700e396397d474b8bafdd3dccb8f5ad398f4ef560683c7eb55ca30cda11df6f92f2b
-
SSDEEP
98304:3Ss5U0DKFCGvww8mJmcGT4Jt9ZfznrQsr77tlQ2sqt1O2:bq3CGYT4BZbnjr77PQMO2
Score
1/10
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 1896 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 1896 taskmgr.exe Token: SeSystemProfilePrivilege 1896 taskmgr.exe Token: SeCreateGlobalPrivilege 1896 taskmgr.exe Token: 33 1896 taskmgr.exe Token: SeIncBasePriorityPrivilege 1896 taskmgr.exe -
Suspicious use of FindShellTrayWindow 36 IoCs
pid Process 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe -
Suspicious use of SendNotifyMessage 36 IoCs
pid Process 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe 1896 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\ua.exe"C:\Users\Admin\AppData\Local\Temp\ua.exe"1⤵PID:3640
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1896