Overview

overview

10

Static

static

c1ba15907a...4b.exe

windows7_x64

10

c1ba15907a...4b.exe

windows10-2004_x64

5

Analysis

  • max time kernel
    230s
  • max time network
    298s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17/06/2022, 05:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1ba15907aa6885eb4e97fc12bdb721fee9360ac255834ae1dc6be327113334b.exe

  • Size

    647.1MB

  • MD5

    2894c5244f6ce9f275d7594e4cc471c0

  • SHA1

    267c66fe5a1a5ee0601c11a649aea4b207adf8e6

  • SHA256

    c1ba15907aa6885eb4e97fc12bdb721fee9360ac255834ae1dc6be327113334b

  • SHA512

    b484a18f63a8d47484642059eeb3ecc91a4b7efaec79a0bbe6fc4349630aebc071db6d950c359742e8a09d0ae244168b3893cb422a2bf727f243d416d2c06379

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1ba15907aa6885eb4e97fc12bdb721fee9360ac255834ae1dc6be327113334b.exe
    "C:\Users\Admin\AppData\Local\Temp\c1ba15907aa6885eb4e97fc12bdb721fee9360ac255834ae1dc6be327113334b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1404-130-0x0000000000EB0000-0x00000000019D5000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/1404-132-0x0000000000EB0000-0x00000000019D5000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/1404-133-0x0000000000EB0000-0x00000000019D5000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/1404-134-0x0000000000EB0000-0x00000000019D5000-memory.dmp

    Filesize

    11.1MB

    Download

  • memory/1404-135-0x0000000000EB0000-0x00000000019D5000-memory.dmp

    Filesize

    11.1MB

    Download