Resubmissions
submitted            analysis ID          score
20/11/2024, 03:46    241120-eb3ensznbt    3
20/11/2024, 03:44    241120-eas5lszdmh    3
20/11/2024, 03:41    241120-d852ds1ckm    3

Analysis
max time kernel: 149s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 20/11/2024, 03:44
Static task
static1: 1 signatures

Behavioral task
behavioral1: sample memreduct.exe, resource win7-20240903-en, 4 signatures, 150 seconds

Behavioral task
behavioral2: sample memreduct.exe, resource win10v2004-20241007-en, 8 signatures, 150 seconds
General
Target: memreduct.exe
Size: 302KB
MD5: fe8eb129610e454ad17b9d6ccbf1df8b
SHA1: 28cfddbc7faf2e66aee0eec673c7eb7beab25510
SHA256: 8cea4adf5febfa9528d01259bf9b70afdb814ce8b41605b8c619a9738a9c9414
SHA512: 4aa488a5844eb65fe0f72d1ab325ba07a40fa0cae658bba38f59260c1467d5c902ae8bcd6d8e2f15a5c81139147155948f99a0e303ecca001f24a58d5c5de399
SSDEEP: 6144:62uLW2PbSyXuF4a4gLZRE65J3EvgxxEvM:6hBTavRh5J8qxEvM
Score
1/10
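A sandbox verdict is only evidence about the exact bytes that were hashed, so before relying on this report for a copy of memreduct.exe obtained elsewhere, confirm that the copy produces the same digests listed under General. The script below is an added example, not part of the Triage report or of the Mem Reduct project: it recomputes MD5, SHA-1, SHA-256 and SHA-512 in one streaming pass with the standard-library hashlib and compares them to the report's values. The SSDEEP fuzzy hash is deliberately left out because it needs a third-party module (ssdeep or ppdeep); the function and constant names are this example's own.

```python
"""Check a local memreduct.exe against the digests in the Triage report above.

Added example; not code from the report or from the Mem Reduct project.
"""
import hashlib
from pathlib import Path

# Digests copied from the General section of the report.
REPORT_HASHES = {
    "md5": "fe8eb129610e454ad17b9d6ccbf1df8b",
    "sha1": "28cfddbc7faf2e66aee0eec673c7eb7beab25510",
    "sha256": "8cea4adf5febfa9528d01259bf9b70afdb814ce8b41605b8c619a9738a9c9414",
    "sha512": (
        "4aa488a5844eb65fe0f72d1ab325ba07a40fa0cae658bba38f59260c1467d5c9"
        "02ae8bcd6d8e2f15a5c81139147155948f99a0e303ecca001f24a58d5c5de399"
    ),
}


def digest_bytes(data: bytes) -> dict:
    """Lowercase hex MD5/SHA-1/SHA-256/SHA-512 of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Feed a file through all four hash objects in a single read pass."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags; hex comparison is case-insensitive."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def verify_file(path, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest in `expected` matches the file on disk.

    A mismatch on any one algorithm means the file is not the sample this
    report describes, regardless of what the other algorithms say.
    """
    result = compare(digest_file(path), expected)
    for name, ok in result.items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}")
    return all(result.values())


if __name__ == "__main__":
    import sys

    # Usage: python verify_sample.py [path-to-memreduct.exe]
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "memreduct.exe")
    sys.exit(0 if verify_file(target) else 1)
```

All four algorithms are compared rather than just SHA-256 because the report lists all four; agreeing on every one rules out a transcription error in any single field of the report or of the copy you were given.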
Malware Config
Signatures
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
    pid   process
    2364  memreduct.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description                           pid   process
    Token: SeIncreaseQuotaPrivilege       2364  memreduct.exe
    Token: SeProfSingleProcessPrivilege   2364  memreduct.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
    pid   process
    2364  memreduct.exe   (64 identical entries)

Suspicious use of SendNotifyMessage (64 IoCs)
    pid   process
    2364  memreduct.exe   (64 identical entries)