Analysis
max time kernel: 20s
max time network: 20s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 03/03/2025, 20:11
Behavioral task: behavioral1
Sample: rsrc1.exe
Resource: win7-20241010-en
7 signatures, 150 seconds

Behavioral task: behavioral2
Sample: rsrc1.exe
Resource: win10v2004-20250217-en
4 signatures, 150 seconds
General
Target: rsrc1.exe
Size: 114KB
MD5: 382fc1a3c5225fceb672eea13f572a38
SHA1: d9a3596af0463797df4ff25b7999184946e3bfa2
SHA256: 2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf
SHA512: 0fa729f6834d475f787634cc69592633c32a0368c63abac5f702bdd8fd838ad9ceb50941448518a3bf1da0ab45bf6b0dac42d99168d51916591277db19dedacd
SSDEEP: 1536:bV3+WmNcWDurilmw9BgjKu1sPPxaS4jqY:bV3+WmjDxlPwV16PkS4jqY
Score: 8/10
Malware Config
Signatures

Drops file in Drivers directory (3 IoCs)
  description                   ioc                                    Process
  File created                  C:\Windows\system32\Drivers\lxdr       rsrc1.exe
  File opened for modification  C:\Windows\system32\Drivers\lxdr       rsrc1.exe
  File created                  C:\Windows\system32\Drivers\lxdr.sys   rsrc1.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  2300  taskmgr.exe  (all 12 IoCs are this pid/process)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  2300  taskmgr.exe

Suspicious behavior: LoadsDriver (5 IoCs)
  pid   Process
  464   Process not Found  (all 5 IoCs are this pid/process)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                   pid   Process
  Token: 0                      2332  rsrc1.exe
  Token: SeBackupPrivilege      2332  rsrc1.exe
  Token: SeLoadDriverPrivilege  2332  rsrc1.exe
  Token: SeDebugPrivilege       2300  taskmgr.exe

Suspicious use of FindShellTrayWindow (39 IoCs)
  pid   Process
  2300  taskmgr.exe  (all 39 IoCs are this pid/process)

Suspicious use of SendNotifyMessage (38 IoCs)
  pid   Process
  2300  taskmgr.exe  (all 38 IoCs are this pid/process)
Processes

C:\Users\Admin\AppData\Local\Temp\rsrc1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\rsrc1.exe"
  PID: 2332
  - Drops file in Drivers directory
  - Suspicious use of AdjustPrivilegeToken

C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  PID: 2300
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage