ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09

Analysis

max time kernel
130s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1433_hack44.cn/NB12-18/NetBot5.5.exe
Size

544KB
MD5

6379c36c3bb6e0c758a73251ab663810
SHA1

8bf4731742a1f74914b06706f851d4854172fc92
SHA256

4ba463bf00edf0327909d1b5e9f7e6b193f907716dff57fc3f7330249dcc116d
SHA512

379a5c7b563105fdcd71761ba61093fb788b961a1e3d9d6956f35c199dc11bf9d6fe42a3cfde65552f5eab8f884af797611d081f475eccb8f7b95b3299aaca17
SSDEEP

12288:N+ZF8GCbzHgpjzbgepgC5O6hxZo57oDPzVy3vJaZV:YyfgRjp35O2xqC83vcL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral22/memory/4908-138-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-140-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-141-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-142-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-143-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-145-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-147-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-149-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-151-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-153-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-155-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-157-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-159-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-161-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-163-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-166-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-168-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-170-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-172-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-174-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-176-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-178-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-180-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-182-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-184-0x0000000002450000-0x000000000248D000-memory.dmp	upx
behavioral22/memory/4908-187-0x0000000002450000-0x000000000248D000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

NetBot5.5.exe

pid process

4908 NetBot5.5.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

228 4908 WerFault.exe NetBot5.5.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

NetBot5.5.exe

pid process

4908 NetBot5.5.exe
4908 NetBot5.5.exe

pid	process
4908	NetBot5.5.exe

pid	pid_target	process	target process
228	4908	WerFault.exe	NetBot5.5.exe

pid	process
4908	NetBot5.5.exe
4908	NetBot5.5.exe

C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe
"C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 656
2⤵
- Program crash
PID:228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4908 -ip 4908
1⤵
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4908-132-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/4908-133-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download
memory/4908-134-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download
memory/4908-138-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-140-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-141-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-142-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-143-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-145-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-147-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-149-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-151-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-153-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-155-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-157-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-159-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-161-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-163-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-166-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-168-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-170-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-172-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-174-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-176-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-178-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-180-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-182-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-184-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-185-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/4908-187-0x0000000002450000-0x000000000248D000-memory.dmp

Filesize
244KB

Download
memory/4908-186-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download