Analysis
-
max time kernel
293s -
max time network
40s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system -
submitted
08/09/2022, 22:16
Static task
static1
Behavioral task
behavioral1
Sample
8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
Resource
win10-20220812-en
General
-
Target
8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
-
Size
2.7MB
-
MD5
51e3a7f01dc6d68c33d184520cf578dc
-
SHA1
e081194ec46e6d0806265ecb56fd7eefde49f5b4
-
SHA256
8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d
-
SHA512
5585b28b66b9ed968e0f88fbe8b42fdd6430c9cb302a1927f8fc4f458e50983928d6ca47bb7dade1c73a592248913c714b0edf718234bbb9a224e2c386f2b4c8
-
SSDEEP
49152:BelBeMQvuPKQn1Q18QVwTG3+U7R2lUBk/LejWF2jFyr7btf7iHVQJp5JJKkVc:ABeMIub1QY6ZWgsL0FjMbl7iKJpxVc
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs
pid Process
1192 8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
(same pid and process on every row of the 18 IoCs)
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process
Token: SeDebugPrivilege 1192 8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
1192 8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
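As exported from the sandbox, each entry in the Signatures block is a "Suspicious use of … N IoCs" header followed by whitespace-joined "pid Process" rows (with a description prefix on the token entry). The Python below, added here as an example and not part of the sandbox report or its vendor's tooling, parses that layout into per-process IoCs, collapses the repeated rows, and flags any entry whose declared IoC count does not match the rows actually present. The sample input is constructed from the rows on this page; the function and regex names are this example's own.

```python
"""Parse the flattened 'Signatures' block of a sandbox report into per-process IoCs."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: the three signature entries from the report above, rebuilt
# in the raw export layout. The 18 identical rows of the first entry are generated
# rather than typed out. (Constructed input, not the vendor's raw export.)
SAMPLE_EXE = "8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe"
SAMPLE_SIGNATURES = (
    "Suspicious use of NtSetInformationThreadHideFromDebugger 18 IoCs\n"
    "pid Process " + f"1192 {SAMPLE_EXE} " * 18 + "-\n"
    "Suspicious use of AdjustPrivilegeToken 1 IoCs\n"
    f"description pid Process Token: SeDebugPrivilege 1192 {SAMPLE_EXE} -\n"
    "Suspicious use of SetWindowsHookEx 1 IoCs\n"
    f"pid Process 1192 {SAMPLE_EXE}\n"
)

HEADER_RE = re.compile(r"^(?P<name>.+?) (?P<count>\d+) IoCs$")
# Column headers seen in this report family; stripped before the rows are parsed.
COLUMNS_RE = re.compile(r"^(?:description\s+)?pid\s+Process\s+")
# One row: optional description (must not start with a digit), then pid, then process.
# The digit anchor on pid lets rows repeat on a single line with no delimiter.
ROW_RE = re.compile(r"(?:(?P<desc>[^\d\s].*?)\s+)?(?P<pid>\d+)\s+(?P<proc>\S+)")


@dataclass
class Signature:
    name: str
    declared: int                              # the 'N IoCs' count from the header
    rows: list = field(default_factory=list)   # (description, pid, process) tuples


def parse_signatures(text: str) -> list:
    """Turn the exported Signatures text into a list of Signature objects."""
    sigs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            sigs.append(Signature(m["name"], int(m["count"])))
            continue
        if not sigs:
            raise ValueError(f"row before any signature header: {line!r}")
        body = COLUMNS_RE.sub("", line.rstrip(" -"))   # drop column names and separator
        for r in ROW_RE.finditer(body):
            sigs[-1].rows.append((r["desc"] or "", int(r["pid"]), r["proc"]))
    return sigs


def count_mismatches(sigs: list) -> list:
    """Names of signatures whose declared IoC count differs from the rows parsed."""
    return [s.name for s in sigs if s.declared != len(s.rows)]


def summarize_by_pid(sigs: list) -> dict:
    """Collapse repeated rows: pid -> process, hit count per signature, descriptions."""
    out = {}
    for s in sigs:
        for desc, pid, proc in s.rows:
            entry = out.setdefault(
                pid, {"process": proc, "signatures": Counter(), "descriptions": set()})
            entry["signatures"][s.name] += 1
            if desc:
                entry["descriptions"].add(desc)
    return out


if __name__ == "__main__":
    parsed = parse_signatures(SAMPLE_SIGNATURES)
    for pid, info in summarize_by_pid(parsed).items():
        print(pid, info["process"], dict(info["signatures"]), sorted(info["descriptions"]))
    print("count mismatches:", count_mismatches(parsed))
```

Run on this page's entries, the summary collapses to a single pid (1192) carrying all three signatures, with the token description preserved; a non-empty result from `count_mismatches` is the signal that an export was truncated or that the row regex did not match the vendor's layout.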
Processes
-
Path
C:\Users\Admin\AppData\Local\Temp\8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe
Command line
"C:\Users\Admin\AppData\Local\Temp\8ba6a24338e06b435fe5e63200785bf86d3b3cd809599b6a41e6bd1a6eafab4d.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1192