Analysis
-
max time kernel
44s -
max time network
50s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
23-11-2022 20:33
General
-
Target
47112d76f41b2eb912eef8a21181361d63d9d2c28d0063f78da1278878b4fa08.exe
-
Size
2.3MB
-
MD5
ebc54e88a8aac16f8cdf2dc3391b389c
-
SHA1
4e6832a09df6cf6319c3998f2ad5b2c08e41198c
-
SHA256
47112d76f41b2eb912eef8a21181361d63d9d2c28d0063f78da1278878b4fa08
-
SHA512
2c4ff7bf32747d7e6e2b82a7fdceed37a9047c90a48d64a2e270e8c05e2e9e9ac96ead8f67c0131e1560796846474b0cbdb8618b27b9ba48fdb9337546b09131
-
SSDEEP
49152:UmjHkb9DZfQ2AyoXZ9i0hanVA/rFDY96supFG:3EZDJ9op9XanV+ry6supF
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 3 IoCs
-
UPX packed file 25 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\47112d76f41b2eb912eef8a21181361d63d9d2c28d0063f78da1278878b4fa08.exe"C:\Users\Admin\AppData\Local\Temp\47112d76f41b2eb912eef8a21181361d63d9d2c28d0063f78da1278878b4fa08.exe"1⤵
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1808-54-0x0000000075AC1000-0x0000000075AC3000-memory.dmpFilesize
8KB
-
memory/1808-55-0x0000000000400000-0x000000000067F000-memory.dmpFilesize
2.5MB
-
memory/1808-56-0x0000000002010000-0x0000000002082000-memory.dmpFilesize
456KB
-
memory/1808-57-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-63-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-61-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-69-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-67-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-65-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-59-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-58-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-71-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-77-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-75-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-73-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-83-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-95-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-93-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-99-0x0000000002010000-0x0000000002082000-memory.dmpFilesize
456KB
-
memory/1808-98-0x0000000000400000-0x000000000067F000-memory.dmpFilesize
2.5MB
-
memory/1808-97-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-91-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-89-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-101-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-87-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-85-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-81-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-79-0x0000000010000000-0x000000001003E000-memory.dmpFilesize
248KB
-
memory/1808-103-0x0000000000400000-0x000000000067F000-memory.dmpFilesize
2.5MB