Analysis
-
max time kernel
27s -
max time network
31s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
24-03-2023 04:24
General
-
Target
015ec8a7dc343e6d1aabb593e77a894b23f44cc2c7d5eec0de03c3620a938cf9.exe
-
Size
5.7MB
-
MD5
06d51eba5329714f34565ff6be36f525
-
SHA1
47bb5130d05bcbd9551fbcd0aff303f4ac5074f2
-
SHA256
015ec8a7dc343e6d1aabb593e77a894b23f44cc2c7d5eec0de03c3620a938cf9
-
SHA512
1f4c026d7cb099911c9d31b2ff35ff562c5a84f5e54b35869355d1b4c23d2b9ae1de5c1b564575f457c8a10479108c40c94ff9016ecb0c7cae27b286877388cd
-
SSDEEP
98304:y0j1Ij9ZLj7kTVOV3lXLeUcq1cM4DoctB/pUc+crheufhqb0oWnybXEnumqTwQnK:y0jahZQZO9hLeUcq74DoCN+crtMwnuml
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
-
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 3 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\015ec8a7dc343e6d1aabb593e77a894b23f44cc2c7d5eec0de03c3620a938cf9.exe"C:\Users\Admin\AppData\Local\Temp\015ec8a7dc343e6d1aabb593e77a894b23f44cc2c7d5eec0de03c3620a938cf9.exe"1⤵
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c cacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cacls.execacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1736-54-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/1736-55-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/1736-56-0x0000000000230000-0x0000000000231000-memory.dmpFilesize
4KB
-
memory/1736-57-0x0000000000250000-0x0000000000251000-memory.dmpFilesize
4KB
-
memory/1736-58-0x0000000000250000-0x0000000000251000-memory.dmpFilesize
4KB
-
memory/1736-59-0x0000000000250000-0x0000000000251000-memory.dmpFilesize
4KB
-
memory/1736-61-0x0000000000260000-0x0000000000261000-memory.dmpFilesize
4KB
-
memory/1736-62-0x0000000000260000-0x0000000000261000-memory.dmpFilesize
4KB
-
memory/1736-64-0x0000000000270000-0x0000000000271000-memory.dmpFilesize
4KB
-
memory/1736-65-0x0000000000270000-0x0000000000271000-memory.dmpFilesize
4KB
-
memory/1736-67-0x0000000000280000-0x0000000000281000-memory.dmpFilesize
4KB
-
memory/1736-68-0x0000000000280000-0x0000000000281000-memory.dmpFilesize
4KB
-
memory/1736-70-0x0000000000290000-0x0000000000291000-memory.dmpFilesize
4KB
-
memory/1736-71-0x0000000000290000-0x0000000000291000-memory.dmpFilesize
4KB
-
memory/1736-72-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/1736-73-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/1736-74-0x00000000002A0000-0x00000000002A1000-memory.dmpFilesize
4KB
-
memory/1736-75-0x0000000000400000-0x0000000000F46000-memory.dmpFilesize
11.3MB