Overview

overview

10

Static

static

d67160c55e...db.exe

windows7_x64

10

d67160c55e...db.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    12s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-05-2022 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe

  • Size

    1.1MB

  • MD5

    ac3c74a419d6c61c9f18aec6da2e7000

  • SHA1

    2a3f031f0922cd78d3796b680f3112e36ac7da6c

  • SHA256

    d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db

  • SHA512

    54b7cac2bfbef5a6f7ba01e7d9b3754d8adcc1a3ff99a121e5848ebcab7601863c0f7e2f5b97d1493f0808c576ebcab205ae8dd1539acb98c43e2e0d3c04a08e

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe
    "C:\Users\Admin\AppData\Local\Temp\d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2124-130-0x0000000000D00000-0x0000000001084000-memory.dmp
    Filesize

    3.5MB

    Download
  • memory/2124-131-0x0000000005FC0000-0x0000000006564000-memory.dmp
    Filesize

    5.6MB

    Download
  • memory/2124-132-0x0000000005AB0000-0x0000000005B42000-memory.dmp
    Filesize

    584KB

    Download
  • memory/2124-133-0x00000000031D0000-0x00000000031DA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2124-134-0x0000000005B50000-0x0000000005BB6000-memory.dmp
    Filesize

    408KB

    Download
  • memory/2124-135-0x0000000006770000-0x000000000677A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2124-136-0x0000000007C10000-0x0000000007DD2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2124-137-0x0000000008310000-0x000000000883C000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/2124-138-0x0000000007BA0000-0x0000000007BB2000-memory.dmp
    Filesize

    72KB

    Download