Analysis
-
max time kernel
148s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
15-04-2022 02:08
Static task
static1
Behavioral task
behavioral1
Sample
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
Resource
win7-20220414-en
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
Resource
win10v2004-20220414-en
0 signatures
0 seconds
General
-
Target
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
-
Size
1.1MB
-
MD5
9fd83afa4f050599f081eaa6b36b380c
-
SHA1
f062d2cbeaf4395d2335665ad57477c4949b3260
-
SHA256
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e
-
SHA512
62a3f682fcf14eee14537552977f5906f50dd3e29598feaf8c90b285abc7484e432a843e5cf5621d72322e7de35a812b2421e50de2ff1f93dbb66a3daa0b7420
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
Processes:
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exepid Process 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exepid Process 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exedescription pid Process Token: SeDebugPrivilege 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe -
Suspicious use of SetWindowsHookEx 3 IoCs
Processes:
a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exepid Process 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe 1624 a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe"C:\Users\Admin\AppData\Local\Temp\a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1624