Analysis
-
max time kernel
151s -
max time network
172s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
25-11-2022 11:52
General
-
Target
603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
-
Size
1.4MB
-
MD5
8e233c992156b95805392a881e197b2e
-
SHA1
71edc7b81583e8bc476d3843673849d84c0eeabd
-
SHA256
603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe
-
SHA512
81f69d3c998cea39df058f4ff23d84831c50fe33e7d996b6ae708cfe4c7e27851c31494ccbe80a1018e35ec44752976ea8bed5a292c7b8e69d8d717dc0d1b3d8
-
SSDEEP
24576:gGZ82zzYfFalQPNUPjHnP1ZBpQO7yThjVc48E21x3JiGtzV/0lT2iTqc/l0vW3jK:D83fFGQPNudZTzyNjVc4x21x3Jft6lPy
Score
8/10
Malware Config
Signatures
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe"C:\Users\Admin\AppData\Local\Temp\603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4252-132-0x0000000000400000-0x0000000000744000-memory.dmpFilesize
3.3MB
-
memory/4252-133-0x0000000000400000-0x0000000000744000-memory.dmpFilesize
3.3MB
-
memory/4252-135-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-138-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-137-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-139-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-140-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-142-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-144-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-146-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-148-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-150-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-152-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-154-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-156-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-160-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-158-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-162-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-164-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-166-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-168-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-170-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-172-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-174-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-176-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-178-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-180-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB
-
memory/4252-181-0x0000000000400000-0x0000000000744000-memory.dmpFilesize
3.3MB
-
memory/4252-182-0x0000000010000000-0x000000001003D000-memory.dmpFilesize
244KB