Overview

overview

10

Static

static

747e0a45b7...32.exe

windows7-x64

10

747e0a45b7...32.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932.exe

  • Size

    96KB

  • MD5

    d50ae3b9f4ed137494ad275344c3234e

  • SHA1

    a3715d6c87cbabbbfa441d1c1ba838283d43b284

  • SHA256

    747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932

  • SHA512

    4a599c00c954abb75b30dc965bac7613889388239efc1d831238eb6e94c148045f0aaba45793e48613b8063ddfd0090033596c7b1e2b1aae7d1dcb144ea63585

  • SSDEEP

    1536:2Y3sO2VIrTgked9k9tVijJ/oFuKLD/M0TYu8E6FB2ujm4G:2jO2/ld2VijJ/orplWcu

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932.exe
    "C:\Users\Admin\AppData\Local\Temp\747e0a45b7aa42aa1f050832f46a07c9b4be8d8f812e1f5321ebab0c6ed9a932.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:1488
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:1476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1416-58-0x0000000077A10000-0x0000000077BB9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1416-60-0x00000000021F0000-0x00000000021F8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1488-54-0x0000000076681000-0x0000000076683000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1488-55-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1488-56-0x00000000004D0000-0x00000000004E9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1488-57-0x00000000004D0000-0x00000000004E9000-memory.dmp

    Filesize

    100KB

    Download