Analysis

  • max time kernel
    140s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-08-2023 21:52

General

  • Target

    803e1b015c5e675f53160d32a68ca6f0969748d46fe75f5afac86c859610d3e9.exe

  • Size

    2.6MB

  • MD5

    50f54f338bacb9507476a191fcca8472

  • SHA1

    690e9ea97ab4dbe60364ef8eedad9505ab18b52f

  • SHA256

    803e1b015c5e675f53160d32a68ca6f0969748d46fe75f5afac86c859610d3e9

  • SHA512

    c6026e7a5f26f29acdeff025fb24283b98c328fe24b4750249f3789d6646b759c150a983681d382e9abb823acf101b92ac55b6564c295a118a9009fd89d566a4

  • SSDEEP

    49152:wW2JRIEWE2Ykf+WjXnHml1R1Z0DasgBxTu64yUryQqD:gR2f+GGLn0azDayQqD

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\803e1b015c5e675f53160d32a68ca6f0969748d46fe75f5afac86c859610d3e9.exe
    "C:\Users\Admin\AppData\Local\Temp\803e1b015c5e675f53160d32a68ca6f0969748d46fe75f5afac86c859610d3e9.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:4372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 296
      • Program crash
      PID:924
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4372 -ip 4372
    PID:3152

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4372-0-0x0000000000400000-0x0000000000874000-memory.dmp
    Filesize: 4.5MB
  • memory/4372-1-0x0000000000400000-0x0000000000874000-memory.dmp
    Filesize: 4.5MB