Resubmissions
30-10-2024 21:02 | 241030-zvd7eazlev | 10
30-10-2024 19:27 | 241030-x6eafazemg | 10
24-10-2024 22:13 | 241024-144zvsvhpq | 10
Analysis
max time kernel: 16s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2024 22:13
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe
Resource
win7-20240903-en
windows7-x64
3 signatures
90 seconds
General
Target: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe
Size: 578KB
MD5: 0fc72f5b6c6a6109f6f3c3d43089e422
SHA1: 7b05b6c35e5f1c2dd4aa215b4c0289c970b9cdab
SHA256: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc
SHA512: fcb4251dd52a6bb04009078c5fe38ce014c50091c09c8b54ba3a1d8b910cdf4c915deb7b91838da53033d7da3602057453d651cdb561acc9d634962e31e2c5e3
SSDEEP: 12288:rlMq2L06Z/oQNgZHjow6V3hLfIW2MxcSg4bQ5RtlcrdxYf:ZILJ9olJowwRLAWFDgqzdif
Score
1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: powershell.exe
pid | process
2812 | powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: powershell.exe
description | pid | process
Token: SeDebugPrivilege | 2812 | powershell.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe
description | pid | process | target process
PID 2336 wrote to memory of 2812 | 2336 | 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe | powershell.exe
PID 2336 wrote to memory of 2812 | 2336 | 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe | powershell.exe
PID 2336 wrote to memory of 2812 | 2336 | 15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe | powershell.exe
Processes
C:\Users\Admin\AppData\Local\Temp\15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe
"C:\Users\Admin\AppData\Local\Temp\15c8cc6c27eab9e8c6e8e01883247ffc4a3907042d747859fff2ce622f9647dc.exe"
- Suspicious use of WriteProcessMemory
PID:2336
    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2812