Overview

overview

10

Static

static

a130efba29...78.exe

windows7-x64

10

a130efba29...78.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 08:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a130efba2912e6359ce86f25e7ae1a52a7f3176752bf14b39c9c277f6d8b6d78.exe

  • Size

    96KB

  • MD5

    70f791cc0fc1d02883328038dd5f4b00

  • SHA1

    7b71e389a251b56761a17d2dab326848dacb06b8

  • SHA256

    a130efba2912e6359ce86f25e7ae1a52a7f3176752bf14b39c9c277f6d8b6d78

  • SHA512

    fb3f378fb6cabb733ce9a83a15f17181fe474070f0bd12bb221a3b79e82b6303e53b42b1e213eab988c0046bf99ceac096e8410964deb442e8f68d3393711f6c

  • SSDEEP

    1536:r5Q/1ioFXIH3CH+5/9cz4veQOBOtLKCDyd8NKbWK43yRgY9+WgkfS6wl09tE5N9J:r5+igXoyecz4veQOBO9DsbWK43LYEkf0

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a130efba2912e6359ce86f25e7ae1a52a7f3176752bf14b39c9c277f6d8b6d78.exe
    "C:\Users\Admin\AppData\Local\Temp\a130efba2912e6359ce86f25e7ae1a52a7f3176752bf14b39c9c277f6d8b6d78.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:1340
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:820

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/820-58-0x00000000758B1000-0x00000000758B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1340-54-0x00000000002D0000-0x00000000002D4000-memory.dmp

          Filesize

          16KB

          Download

        • memory/1340-55-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1340-56-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1340-57-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download

        • memory/1392-59-0x0000000077190000-0x0000000077339000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1392-60-0x0000000002660000-0x0000000002667000-memory.dmp

          Filesize

          28KB

          Download