Overview

overview

5

Static

static

93d9b340b7...bf.exe

windows7-x64

5

93d9b340b7...bf.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    152s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93d9b340b7964d41c2a0268daca3cc7be189c09a873720f2f2e817f8228141bf.exe

  • Size

    39KB

  • MD5

    7577d136df2b71aa97fece2483b607ff

  • SHA1

    d1dc814cdd04451e44069ff8172dea0651a96473

  • SHA256

    93d9b340b7964d41c2a0268daca3cc7be189c09a873720f2f2e817f8228141bf

  • SHA512

    95e07bad0f61846019768b0364a717405154808c01bd5a61d2ba98cc02bc59808b05b9b6135f1e26523cfe01a1bf99388394f7d6f39152fca625634c5396f5e9

  • SSDEEP

    768:jZuTjZ/tNR5LB0PHEEhh/VAkymh0PQuV/IWr4hOZSGoQc:10jp/LBIbtAk90PlRZ4hZQc

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2708
      • C:\Users\Admin\AppData\Local\Temp\93d9b340b7964d41c2a0268daca3cc7be189c09a873720f2f2e817f8228141bf.exe
        "C:\Users\Admin\AppData\Local\Temp\93d9b340b7964d41c2a0268daca3cc7be189c09a873720f2f2e817f8228141bf.exe"
        2⤵
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4980

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads