Overview

overview

10

Static

static

4bbf30ae82...49.exe

windows7-x64

10

4bbf30ae82...49.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    175s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4bbf30ae82b3d83268242e0b9eb28018ac5bb7f6ce36d769667467d68ca67649.exe

  • Size

    75KB

  • MD5

    9aa77160d87d64a7c7f060fffe8dee79

  • SHA1

    34f4099d2f90036e976b3796d070182985c4c2ad

  • SHA256

    4bbf30ae82b3d83268242e0b9eb28018ac5bb7f6ce36d769667467d68ca67649

  • SHA512

    bc3e5af2397d0ec0eda0c8c3b61db420200eb6d8dc3e9c084757f1a73cd5c74933816e7dcfc1424712411855a4fe3c96e7c4378b75dfccb94ee6a9047ede9a6a

  • SSDEEP

    768:kLgb35mRKx8FmJCO8RVZs1vwMmFYrMewAf3vmv3L0+9j0M/s6gKbo:kLglsrZDEbMe7f38J9O6gK

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4bbf30ae82b3d83268242e0b9eb28018ac5bb7f6ce36d769667467d68ca67649.exe
    "C:\Users\Admin\AppData\Local\Temp\4bbf30ae82b3d83268242e0b9eb28018ac5bb7f6ce36d769667467d68ca67649.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:1044
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1044-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1044-55-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1044-56-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1044-57-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1044-58-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1232-59-0x0000000077450000-0x00000000775F9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1232-60-0x0000000001DC0000-0x0000000001DC7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1232-61-0x0000000077450000-0x00000000775F9000-memory.dmp

    Filesize

    1.7MB

    Download