Overview

overview

10

Static

static

10

b824bbc645...1f.exe

windows7_x64

5

b824bbc645...1f.exe

windows10_x64

10

Resubmissions

28-10-2021 08:45

211028-knq53afhbm 10

05-10-2021 12:34

211005-pr319aaagr 10

Analysis

  • max time kernel
    106s
  • max time network
    38s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    05-10-2021 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe

  • Size

    72KB

  • MD5

    1dd464cbb3fbd6881eef3f05b8b1fbd5

  • SHA1

    cafd8d20f2abaebbbfc367b4b4512107362f3758

  • SHA256

    b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f

  • SHA512

    1564fffe28c2b7c2b18c35d68e3e254106620b2c3b7b5f41b95cfbb3a2cf0d9c42616d670b4060d09129ff18f0148c03e00bbd205f9d10697b265109a43d053c

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe
    "C:\Users\Admin\AppData\Local\Temp\b824bbc645f15e213b4cb2628f7d383e9e37282059b03f6fe60f7c84ea1fed1f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:572
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 372
      2⤵
      • Program crash
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      PID:628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/572-59-0x00000000757C1000-0x00000000757C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/572-60-0x0000000001ED5000-0x0000000001EE6000-memory.dmp
    Filesize

    68KB

    Download
  • memory/572-61-0x0000000001ED0000-0x0000000001ED1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/628-62-0x0000000000000000-mapping.dmp
    Download
  • memory/628-63-0x0000000000340000-0x0000000000341000-memory.dmp
    Filesize

    4KB

    Download