Overview

overview

5

Static

static

75fd6adc5e...d8.exe

windows7-x64

5

75fd6adc5e...d8.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/09/2022, 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75fd6adc5e68647163cfb91a9724795cb52b3ef5d644e8c98486833af765bbd8.exe

  • Size

    2.0MB

  • MD5

    eb41f05adc228915304a1e9ee9224329

  • SHA1

    479417d02ce90b2f6ddb51077a2b04a626f516d3

  • SHA256

    75fd6adc5e68647163cfb91a9724795cb52b3ef5d644e8c98486833af765bbd8

  • SHA512

    593020b0b4be4200095a90f23b9aadf522430c305646cb1a4f7888027dc8306b61efe52d29cd34009b48fcd2a24b531ab1092455dcf539269d1d10d3972f34bc

  • SSDEEP

    24576:XR+I7Zg3CH/PH7A3qVaD8ja/48Gm4Q6nzWEUnBbEqFXj/qL4DDB5VdLd+RyHkuVi:XR+yLn9HMwQQWZnBQqhWuDrLLEun4

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75fd6adc5e68647163cfb91a9724795cb52b3ef5d644e8c98486833af765bbd8.exe
    "C:\Users\Admin\AppData\Local\Temp\75fd6adc5e68647163cfb91a9724795cb52b3ef5d644e8c98486833af765bbd8.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3468-132-0x0000000000400000-0x000000000058F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3468-133-0x0000000000400000-0x000000000058F000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3468-134-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/3468-137-0x0000000000400000-0x000000000058F000-memory.dmp

    Filesize

    1.6MB

    Download