Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 24-12-2024 09:01
Behavioral task: behavioral1
- Sample: AQUA PREMIUM Spoof.exe
- Resource: win7-20240903-en
- Platform: windows7-x64
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: AQUA PREMIUM Spoof.exe
- Resource: win10v2004-20241007-en
- Tags: collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
- Platform: windows10-2004-x64
- 26 signatures
- 150 seconds

Behavioral task: behavioral3
- Sample: Respoof.cmd
- Resource: win7-20240903-en
- Platform: windows7-x64
- 3 signatures
- 150 seconds

Behavioral task: behavioral4
- Sample: Respoof.cmd
- Resource: win10v2004-20241007-en
- Platform: windows10-2004-x64
- 3 signatures
- 150 seconds
General
- Target: Respoof.cmd
- Size: 65B
- MD5: a64d3a4c1d61344273de4e3f2dd3b652
- SHA1: 245859a286db226f15a0c8c51c9b71f31ea1b79a
- SHA256: 6f4b8912c0f77f2e589e8fed98246680bdd01a442f91729ce15ee812b8f4d50e
- SHA512: e564799596d11b71590569f8c7b31fe7446cabc2dc6bc423308edf7ad2fcb74cbc621891cc594a6b2ebc8320600d0ca2530e92042477246914c55f369d2856cb
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid  | Process
  2368 | powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description             | pid  | Process
  Token: SeDebugPrivilege | 2368 | powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process | procid_target
  PID 2352 wrote to memory of 2368 | 2352 | cmd.exe | 31
  PID 2352 wrote to memory of 2368 | 2352 | cmd.exe | 31
  PID 2352 wrote to memory of 2368 | 2352 | cmd.exe | 31
Processes
- C:\Windows\system32\cmd.exe (PID: 2352)
  Command line: cmd /c "C:\Users\Admin\AppData\Local\Temp\Respoof.cmd"
  - Suspicious use of WriteProcessMemory
  - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID: 2368)
    Command line: PowerShell "Disable-MMAgent -MemoryCompression"
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken