Analysis

  • max time kernel: 148s
  • max time network: 48s
  • platform: windows7_x64
  • resource: win7-20220414-en
  • submitted: 15-04-2022 02:08

General

  • Target: a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
  • Size: 1.1MB
  • MD5: 9fd83afa4f050599f081eaa6b36b380c
  • SHA1: f062d2cbeaf4395d2335665ad57477c4949b3260
  • SHA256: a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e
  • SHA512: 62a3f682fcf14eee14537552977f5906f50dd3e29598feaf8c90b285abc7484e432a843e5cf5621d72322e7de35a812b2421e50de2ff1f93dbb66a3daa0b7420

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 10 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe
    "C:\Users\Admin\AppData\Local\Temp\a6fdf220e34bf901c136a5528548f28da6c71f2cf62e97a07a9ccf8408a06f8e.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1624

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1624-54-0x0000000075C71000-0x0000000075C73000-memory.dmp (Filesize: 8KB)
  • memory/1624-55-0x00000000740B0000-0x000000007465B000-memory.dmp (Filesize: 5.7MB)