Analysis

  • max time kernel
    96s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-11-2022 16:32

General

  • Target

    ٳ0.46/GearNT.exe

  • Size

    826KB

  • MD5

    5790c71ce245c9498f0bf1b03870dec2

  • SHA1

    862f2428d67e080a00f8a9cefb2651626a57c18d

  • SHA256

    9fc6a12718fb3d13a473974588e283dc7181bb1aa4d7573454f39de5c462b0f1

  • SHA512

    6476b7f1dc211e1fa2e04596c29140dff4731d922a63272f9ba19b347e31f0f4d288309a3bcf4b3c6bd7c9006d878a814727f9e26d75625559ce7dc9b126a96a

  • SSDEEP

    12288:uImiwFHhYwB1PlAGJY1ah8ApHszHnApTpGatQAoGua/5d7eDoKzzpHGkBt:uIRqBL1PlXhXMDnApxtQU95N6ospH

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ٳ0.46\GearNT.exe
    "C:\Users\Admin\AppData\Local\Temp\ٳ0.46\GearNT.exe"
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4720

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4720-132-0x0000000000770000-0x000000000077D000-memory.dmp
    Filesize

    52KB