18ebd9b18169a44b962b85823ff8b3f0c89893124fef76d49a32d549ca87a6c3

Resubmissions

22-05-2023 15:51

230522-tasw6shd57 5

22-05-2023 15:46

230522-s71slshd38 5

Analysis

max time kernel
52s
max time network
67s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
22-05-2023 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

G_768916/G_x64_x86_289399.exe
Size

1.3MB
MD5

80b65ccbf91375ed450dff25fc7b60e2
SHA1

cba29644ac48b7d53a90aaa3b000b771574b6995
SHA256

21fce3ca864600ea88548acaeea268c189ae9825acd0e3497f5a6242198f7354
SHA512

060c2d81a08107998599d396d9659ca4f56dc2b93e7622cbc88481488398316283b2121e9c3729370c4fbd525043aaf3f74ba422c0183ec6bd2f7ae834c812f3
SSDEEP

24576:ktdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFtCzi3ZAiSLxenD1op42GbaNDRHq:cqTytRFk6ek2zUZAiSLxenD1op42Gba6

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2460	G_x64_x86_289399.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe
2460	G_x64_x86_289399.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeRestorePrivilege	2460	G_x64_x86_289399.exe

C:\Users\Admin\AppData\Local\Temp\G_768916\G_x64_x86_289399.exe
"C:\Users\Admin\AppData\Local\Temp\G_768916\G_x64_x86_289399.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2460-121-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2460-122-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2460-123-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2460-124-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2460-125-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2460-126-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2460-127-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2460-128-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2460-129-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2460-130-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2460-131-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/2460-132-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2460-133-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2460-134-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/2460-135-0x0000000002480000-0x0000000002481000-memory.dmp

Filesize
4KB

Download
memory/2460-136-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2460-137-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2460-138-0x0000000000890000-0x00000000009AA000-memory.dmp

Filesize
1.1MB

Download
memory/2460-142-0x00000000009B0000-0x0000000000AD9000-memory.dmp

Filesize
1.2MB

Download
memory/2460-147-0x00000000009B0000-0x0000000000AD9000-memory.dmp

Filesize
1.2MB

Download
memory/2460-148-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/2460-149-0x00000000730A0000-0x0000000073ED0000-memory.dmp

Filesize
14.2MB

Download
memory/2460-152-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2460-153-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download