Analysis
max time kernel: 151s
max time network: 157s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03-10-2022 22:46
Behavioral task: behavioral1
Sample: 4d71edf00f46afcb1cc2905ed2e73c9c.exe
Resource: win7-20220812-en (windows7-x64)
4 signatures, 150 seconds
General
Target: 4d71edf00f46afcb1cc2905ed2e73c9c.exe
Size: 3.8MB
MD5: 4d71edf00f46afcb1cc2905ed2e73c9c
SHA1: e212ba0421ee7aad27866e928f2083b218b7a4ed
SHA256: df594a9ae021e4d000115897adfdc46d58ce28c327eca0b974cd3e4f87776820
SHA512: f91286a44bb046c99d73a52b9858ac736b967c45932445a16271d730efaeba86bcc439e1a24891a84472ce31c816084da3f884b37bc40cd03a1bd1ec40e99c01
SSDEEP: 98304:X77Pmq33rE/JDLPWZADUGer7B6iY74M/jmlwXVZ:f+R/eZADUXR
Malware Config
Extracted
Family: bitrat
Version: 1.38
C2: storage.nsupdate.info:8973
Attributes
communication_password: bf771c9d082071fe80b18bb678220682
tor_process: tor
Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (5 IoCs)
Processes:
pid   process
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes:
description                 pid   process
Token: SeDebugPrivilege     1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
Token: SeShutdownPrivilege  1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
pid   process
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
1916  4d71edf00f46afcb1cc2905ed2e73c9c.exe
Downloads
memory/1916-54-0x0000000000400000-0x00000000007CE000-memory.dmp  Filesize: 3.8MB
memory/1916-55-0x0000000075A81000-0x0000000075A83000-memory.dmp  Filesize: 8KB
memory/1916-56-0x0000000000380000-0x000000000038A000-memory.dmp  Filesize: 40KB
memory/1916-57-0x0000000000380000-0x000000000038A000-memory.dmp  Filesize: 40KB
memory/1916-58-0x0000000000380000-0x000000000038A000-memory.dmp  Filesize: 40KB
memory/1916-59-0x0000000000380000-0x000000000038A000-memory.dmp  Filesize: 40KB