Analysis
-
max time kernel
185s -
max time network
203s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
24-11-2022 21:39
General
-
Target
9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43.exe
-
Size
262KB
-
MD5
dd3d297db386103f447b5eed0e62b408
-
SHA1
5685ac2294da0581d3e33037b151709d61a98f4b
-
SHA256
9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
-
SHA512
3feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
SSDEEP
6144:A/bILVvWfZc2yUyfi8j4VtyjXP56OS+I1:A0xWfZc2PJZtyjDPa
Malware Config
Signatures
-
Modifies firewall policy service 2 TTPs 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: MapViewOfSection 4 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43.exe"C:\Users\Admin\AppData\Local\Temp\9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43.exe"C:\Users\Admin\AppData\Local\Temp\9d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43.exe"2⤵
- Modifies firewall policy service
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\M-5078860807246347675945\winmgr.exeC:\Users\Admin\M-5078860807246347675945\winmgr.exe3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\M-5078860807246347675945\winmgr.exeC:\Users\Admin\M-5078860807246347675945\winmgr.exe4⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
262KB
MD5dd3d297db386103f447b5eed0e62b408
SHA15685ac2294da0581d3e33037b151709d61a98f4b
SHA2569d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
SHA5123feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
Filesize
262KB
MD5dd3d297db386103f447b5eed0e62b408
SHA15685ac2294da0581d3e33037b151709d61a98f4b
SHA2569d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
SHA5123feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
Filesize
262KB
MD5dd3d297db386103f447b5eed0e62b408
SHA15685ac2294da0581d3e33037b151709d61a98f4b
SHA2569d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
SHA5123feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
Filesize
262KB
MD5dd3d297db386103f447b5eed0e62b408
SHA15685ac2294da0581d3e33037b151709d61a98f4b
SHA2569d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
SHA5123feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
Filesize
262KB
MD5dd3d297db386103f447b5eed0e62b408
SHA15685ac2294da0581d3e33037b151709d61a98f4b
SHA2569d085fe596c5223d3250f38f9bbb0585f8555f281cc07f2ce883aeb806d6cf43
SHA5123feb95985416ca6918e1d7d30bfe848e2019847cbf1ad3db4b194c229747a076945b81c605e368dac10451e0176603320f7d8d835d47fbbc3bc37e4118e4ceaf
-
-
Filesize
20.6MB
-
-
Filesize
20.6MB
-
Filesize
28KB
-
-
Filesize
20.6MB
-
Filesize
20.6MB
-
Filesize
8KB