259c654cdd235de9942f23bc7465252d50f2edf6e0b2dc320658fc00bc054ac4 | Triage

Analysis

max time kernel
149s
max time network
158s
platform
windows10_x64
resource
win10v20210408
submitted
24-07-2021 09:03

Sharing

Report Analysis Logs

General

Target

a09f9a55d0b7e456179e43f1fe1abe2f.exe
Size

1.4MB
MD5

a09f9a55d0b7e456179e43f1fe1abe2f
SHA1

7f66963cc9c85f38349470e2b046007edd128fdb
SHA256

259c654cdd235de9942f23bc7465252d50f2edf6e0b2dc320658fc00bc054ac4
SHA512

f82f436034df6ac838cf84cbf1416d8a2f39279bdc20ab12315db8b99efe46064fc6462d8305fba55697d1ba480f7aca41747abc888396aa9068bb0716474907

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Observed Malicious SSL Cert (BitRAT CnC)
suricata

Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs

Processes:

a09f9a55d0b7e456179e43f1fe1abe2f.exe

pid	process
3728	a09f9a55d0b7e456179e43f1fe1abe2f.exe
3728	a09f9a55d0b7e456179e43f1fe1abe2f.exe
3728	a09f9a55d0b7e456179e43f1fe1abe2f.exe
3728	a09f9a55d0b7e456179e43f1fe1abe2f.exe
3728	a09f9a55d0b7e456179e43f1fe1abe2f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a09f9a55d0b7e456179e43f1fe1abe2f.exe

description pid process

Token: SeShutdownPrivilege 3728 a09f9a55d0b7e456179e43f1fe1abe2f.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

a09f9a55d0b7e456179e43f1fe1abe2f.exe

pid process

3728 a09f9a55d0b7e456179e43f1fe1abe2f.exe
3728 a09f9a55d0b7e456179e43f1fe1abe2f.exe

C:\Users\Admin\AppData\Local\Temp\a09f9a55d0b7e456179e43f1fe1abe2f.exe
"C:\Users\Admin\AppData\Local\Temp\a09f9a55d0b7e456179e43f1fe1abe2f.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...