Resubmissions
08-12-2024 13:21
241208-qlxsqazkck 708-12-2024 13:12
241208-qfk7qsyrgl 808-12-2024 13:05
241208-qbv65syqfq 808-12-2024 13:03
241208-qaeg1atrcw 8Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
08-12-2024 13:03
Static task
static1
Behavioral task
behavioral1
Sample
Bootstraper.exe
Resource
win7-20240903-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral2
Sample
Bootstraper.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
6 signatures
150 seconds
Behavioral task
behavioral3
Sample
cachehandler.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
Bootstraper.exe
-
Size
71.0MB
-
MD5
e82c016015eb049019b94fd51ecd6e49
-
SHA1
bc230a8342944ddb28007baa2bd29cb07b29294e
-
SHA256
af5852b2f7312ac76fcd4ec798b8aacf7a5338b329664d2a79a6f31619230828
-
SHA512
4faa37bf5cebc40469379671e6fe88344fcc9df54ac99d7ec179f04aeaa5d805d0a935b43d79747542cfc329e1f1e78d95cbe6db9235f994cc0fdfbb6e156b98
-
SSDEEP
393216:Hqc1qcLg6WDV34gkpyfVEHqy2I6Sug+FIOMWg6SvbMK1UO9mBX2GWjNYi1M:Kc1qcLgtDV3fq235ghiSjMKny2GWBM
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2784 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2784 taskmgr.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe -
Suspicious use of SendNotifyMessage 64 IoCs
pid Process 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe 2784 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Bootstraper.exe"C:\Users\Admin\AppData\Local\Temp\Bootstraper.exe"1⤵PID:2328
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2252
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2784