Overview

overview

5

Static

static

3

b8d495a3cb...87.exe

windows7-x64

5

b8d495a3cb...87.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    142s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/08/2023, 21:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b8d495a3cb4e9a5ab8b9591034ca3e7fb69ce86229448c563285ddf1c8dd4e87.exe

  • Size

    6.6MB

  • MD5

    38bd0f0d6329e0273ce93257651bca56

  • SHA1

    50fb34dc1c92bbbac68d711420e61c29465bb1ad

  • SHA256

    b8d495a3cb4e9a5ab8b9591034ca3e7fb69ce86229448c563285ddf1c8dd4e87

  • SHA512

    e1e2a809fa6dd5f1a17060d47b67b8fa0dbe1ecef970e1c150fadb610fcef19fea062cc11b6d39375c6772950552c27d82d9682ff915ca2170ecf3ae30587b28

  • SSDEEP

    98304:uv1ILKeosJrSZH/F926iS7GhduelMeW97GQtxEJ++9d2lcq+OeC/Xw8LdMFq+mdK:hzxSG6iSwaejQtv+9dccfMNLOFRlf

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8d495a3cb4e9a5ab8b9591034ca3e7fb69ce86229448c563285ddf1c8dd4e87.exe
    "C:\Users\Admin\AppData\Local\Temp\b8d495a3cb4e9a5ab8b9591034ca3e7fb69ce86229448c563285ddf1c8dd4e87.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:4372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 960
      2⤵
      • Program crash
      PID:1816
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4372 -ip 4372
    1⤵
      PID:724

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4372-0-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-1-0x0000000076890000-0x0000000076AA5000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/4372-3875-0x0000000075D30000-0x0000000075ED0000-memory.dmp

            Filesize

            1.6MB

            Download

          • memory/4372-5884-0x0000000075CB0000-0x0000000075D2A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/4372-13069-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13070-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13071-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13072-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13074-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13075-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13076-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download

          • memory/4372-13077-0x0000000000400000-0x0000000000E88000-memory.dmp

            Filesize

            10.5MB

            Download