Analysis

  • max time kernel
    149s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    15-04-2022 02:08

General

  • Target

    b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe

  • Size

    1.1MB

  • MD5

    a85d38af1a94e238abddb11e66d6f673

  • SHA1

    36c3966ca74f3c4a4f3988717fb701570c70486f

  • SHA256

    b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd

  • SHA512

    6856f1827210ce9ecdb4dd2c503ed5a9cf0774e69a93826fa0e5c0f774186d83161dbe25bbf93397f8fdaf4af0f1699daeaf857cd2c28e717858e0e518ce5092

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
    "C:\Users\Admin\AppData\Local\Temp\b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:536

Network

MITRE ATT&CK Matrix

Downloads

  • memory/536-54-0x0000000075B61000-0x0000000075B63000-memory.dmp

    Filesize

    8KB

  • memory/536-55-0x0000000074140000-0x00000000746EB000-memory.dmp

    Filesize

    5.7MB