aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
30/08/2023, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe
Size

812KB
MD5

954bfaa2aab7afeaa5e76dc02c8aed9b
SHA1

1ce979c3d8893edff1ba3d11d9509806385582c7
SHA256

aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d
SHA512

c3cbb443b548c8f2092270008ca2652e5b12c2017cb4a9a7f01c1bae4a743768aa80accc8fd1cb0aa19099cefcabfca4953236856a546376c47fb17937380b03
SSDEEP

12288:WqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:WqxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2516	1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Loads dropped DLL 2 IoCs

pid	Process
2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe
2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe
2516	1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2516	2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe	28
PID 2464 wrote to memory of 2516	2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe	28
PID 2464 wrote to memory of 2516	2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe	28
PID 2464 wrote to memory of 2516	2464	aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe	28

C:\Users\Admin\AppData\Local\Temp\aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe
"C:\Users\Admin\AppData\Local\Temp\aed5c1a4dd6fedb5213925a777e0c05df1d06f4eaf7b2a2534c70e507f15fb8d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe
  C:\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Filesize
812KB

MD5
5cd87f299094503f26ca3ffee8edbed5

SHA1
8100744d88d42103b809c044a96f164d887e2467

SHA256
b57317d6b319e88ec6c6d2aa75b9734ab37f1d1c97d74d3fac06f86413c0ce97

SHA512
4b0f6175ea2f8ac7625de6dae0264b1fb0e1224ff6149312e2811da312074e4587f032172f53eb9dc2ef97de52840535cee02ce3a9cfd28cfb37860bfaaad567

Download Submit
C:\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Filesize
812KB

MD5
5cd87f299094503f26ca3ffee8edbed5

SHA1
8100744d88d42103b809c044a96f164d887e2467

SHA256
b57317d6b319e88ec6c6d2aa75b9734ab37f1d1c97d74d3fac06f86413c0ce97

SHA512
4b0f6175ea2f8ac7625de6dae0264b1fb0e1224ff6149312e2811da312074e4587f032172f53eb9dc2ef97de52840535cee02ce3a9cfd28cfb37860bfaaad567

Download Submit
\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Filesize
812KB

MD5
5cd87f299094503f26ca3ffee8edbed5

SHA1
8100744d88d42103b809c044a96f164d887e2467

SHA256
b57317d6b319e88ec6c6d2aa75b9734ab37f1d1c97d74d3fac06f86413c0ce97

SHA512
4b0f6175ea2f8ac7625de6dae0264b1fb0e1224ff6149312e2811da312074e4587f032172f53eb9dc2ef97de52840535cee02ce3a9cfd28cfb37860bfaaad567

Download Submit
\Users\Admin\AppData\Local\Temp\1E0A0F0B120D156C155D15B0E0C160A0D160A.exe

Filesize
812KB

MD5
5cd87f299094503f26ca3ffee8edbed5

SHA1
8100744d88d42103b809c044a96f164d887e2467

SHA256
b57317d6b319e88ec6c6d2aa75b9734ab37f1d1c97d74d3fac06f86413c0ce97

SHA512
4b0f6175ea2f8ac7625de6dae0264b1fb0e1224ff6149312e2811da312074e4587f032172f53eb9dc2ef97de52840535cee02ce3a9cfd28cfb37860bfaaad567

Download Submit
memory/2464-0-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2464-4-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2464-3-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2464-11-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2516-13-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2516-15-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2516-16-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads