Analysis
Max time kernel: 149s
Max time network: 48s
Platform: windows7_x64
Resource: win7-20220414-en
Submitted: 15-04-2022 02:08
Static task: static1
Behavioral task: behavioral1
  Sample: b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
  Resource: win10v2004-20220414-en
  0 signatures, 0 seconds
General
Target: b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
Size: 1.1MB
MD5: a85d38af1a94e238abddb11e66d6f673
SHA1: 36c3966ca74f3c4a4f3988717fb701570c70486f
SHA256: b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd
SHA512: 6856f1827210ce9ecdb4dd2c503ed5a9cf0774e69a93826fa0e5c0f774186d83161dbe25bbf93397f8fdaf4af0f1699daeaf857cd2c28e717858e0e518ce5092
Score: 5/10
Malware Config
Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (10 IoCs)
Processes:
  pid  | Process
  536  | b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
  (this row is reported 10 times, one per detection)

Suspicious behavior: EnumeratesProcesses (1 IoC)
Processes:
  pid  | Process
  536  | b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              | pid  | Process
  Token: SeDebugPrivilege  | 536  | b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe

Suspicious use of SetWindowsHookEx (3 IoCs)
Processes:
  pid  | Process
  536  | b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
  (this row is reported 3 times, one per detection)
Processes

C:\Users\Admin\AppData\Local\Temp\b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b666453202660a3a6d28743b422d66ad1f3c02f0eae99c4d9e899ca3eade70fd.exe"
  PID: 536
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx