3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b

Analysis

max time kernel
61s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 00:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe
Size

6.3MB
MD5

944246338b59f8cebc45970a08e9477a
SHA1

f3884034b958f64fd92a37f28d886b2aa0ceeb17
SHA256

3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b
SHA512

f2b36a33f223fb1cc5cd504a32e8eac4291c1d3ea2a289a5b8bcde922269141024071bd7d6148c10359d9b66061768218869cf0b7dfc58a6ba79b2824890744a
SSDEEP

196608:deSXCQEZ1qu+KE9PNtqPYhmHYpxdUl3i1zwy6:ISXCQsihFfqwhMYrdUYNwy6

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1992	3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1992	3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe
1992	3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe

C:\Users\Admin\AppData\Local\Temp\3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe
"C:\Users\Admin\AppData\Local\Temp\3ab638faa7d125d66237d98c6f21346928bc3e029eac785480b540f567e67d5b.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1992-54-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download
memory/1992-55-0x00000000751B0000-0x00000000751FA000-memory.dmp

Filesize
296KB

Download
memory/1992-56-0x0000000000CA0000-0x0000000000D30000-memory.dmp

Filesize
576KB

Download
memory/1992-58-0x0000000076F60000-0x000000007700C000-memory.dmp

Filesize
688KB

Download
memory/1992-59-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/1992-60-0x0000000076880000-0x00000000768D7000-memory.dmp

Filesize
348KB

Download
memory/1992-61-0x0000000075120000-0x0000000075129000-memory.dmp

Filesize
36KB

Download
memory/1992-62-0x0000000000CA0000-0x0000000000D30000-memory.dmp

Filesize
576KB

Download
memory/1992-63-0x0000000000090000-0x00000000000CD000-memory.dmp

Filesize
244KB

Download
memory/1992-64-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/1992-65-0x00000000748D0000-0x0000000074E7B000-memory.dmp

Filesize
5.7MB

Download
memory/1992-67-0x00000000748D0000-0x0000000074E7B000-memory.dmp

Filesize
5.7MB

Download
memory/1992-66-0x0000000075510000-0x000000007615A000-memory.dmp

Filesize
12.3MB

Download
memory/1992-69-0x00000000770C0000-0x000000007721C000-memory.dmp

Filesize
1.4MB

Download
memory/1992-70-0x0000000074F90000-0x0000000074FEB000-memory.dmp

Filesize
364KB

Download
memory/1992-72-0x0000000060340000-0x0000000060348000-memory.dmp

Filesize
32KB

Download
memory/1992-73-0x000000005E3A0000-0x000000005E42D000-memory.dmp

Filesize
564KB

Download
memory/1992-74-0x0000000000CA0000-0x0000000000D30000-memory.dmp

Filesize
576KB

Download
memory/1992-75-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/1992-76-0x00000000748D0000-0x0000000074E7B000-memory.dmp

Filesize
5.7MB

Download
memory/1992-77-0x0000000060340000-0x0000000060348000-memory.dmp

Filesize
32KB

Download