Overview

overview

5

Static

static

b6ae3cec58...69.exe

windows7-x64

5

b6ae3cec58...69.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    151s
  • max time network
    171s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/12/2022, 14:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b6ae3cec58423ead29f0c5dde7e1bb309b738ff9593e06ee0966857187a9eb69.exe

  • Size

    2.0MB

  • MD5

    1d0d8a52bd27122fb7075b6b2b7f8baa

  • SHA1

    eb2ea56fb01df347e45bda9fad7850a3d5caf7f9

  • SHA256

    b6ae3cec58423ead29f0c5dde7e1bb309b738ff9593e06ee0966857187a9eb69

  • SHA512

    03e5327815d628ec777a7d2f225c9c7251e42fcf77695e54843a7bcee9dce2fa6e70605803bf5584dbe107f7af35f5f2d84b9eea059a7d797ee487fa8ad2d16e

  • SSDEEP

    49152:3gXiz8YDyx1dmW57ZEUd7+zQ6naGMOrxDvOZZvW:3SizNDcIWRbZkZrK

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6ae3cec58423ead29f0c5dde7e1bb309b738ff9593e06ee0966857187a9eb69.exe
    "C:\Users\Admin\AppData\Local\Temp\b6ae3cec58423ead29f0c5dde7e1bb309b738ff9593e06ee0966857187a9eb69.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:3868
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 660
      2⤵
      • Program crash
      PID:4300
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3868 -ip 3868
    1⤵
      PID:4104

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3868-132-0x0000000000400000-0x00000000008A6000-memory.dmp

      Filesize

      4.6MB

      Download

    • memory/3868-133-0x0000000000400000-0x00000000008A6000-memory.dmp

      Filesize

      4.6MB

      Download

    • memory/3868-134-0x0000000002760000-0x0000000002768000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3868-135-0x0000000000400000-0x00000000008A6000-memory.dmp

      Filesize

      4.6MB

      Download