923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01-09-2023 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe
Size

812KB
MD5

8cba85dfd4ee878af76cf0406168d0be
SHA1

ca4ccd6c095884be4b23ef44bac760411b564e10
SHA256

923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307
SHA512

b7f739b3e85388b5482013b4db27ec51a8d1d07790edea636eb565e1d1914e4988f95afc704c7b92348c0cd0307f0c1cc5843caf852240c901dd686b5dd45609
SSDEEP

12288:AqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:AqxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1868	1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Loads dropped DLL 2 IoCs

pid	Process
1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe
1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe
1868	1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 1868	1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe	28
PID 1712 wrote to memory of 1868	1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe	28
PID 1712 wrote to memory of 1868	1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe	28
PID 1712 wrote to memory of 1868	1712	923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe	28

C:\Users\Admin\AppData\Local\Temp\923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe
"C:\Users\Admin\AppData\Local\Temp\923aefbbb1c99bfac368e5e563723d7cc518e8c70597f105d474bfc3f8347307.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe
  C:\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Filesize
812KB

MD5
903db6d94da0e07e2eb4dedcb0021b3f

SHA1
dcd441f6ba360a5cdcbbf29a64df847a8c2b1708

SHA256
582bf3a68d51947d10d9ed40b31e74938f972e842ef0fcefc987e5ea8323a1f4

SHA512
56713adf346b868d50a5f21d64abac76e025c04ab9bfaae5c17dbe9149afd4868c9d920f9d21852b08e858bd4e82cbdc5076bf89fc4fbf4293608e0e62b8ea4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Filesize
812KB

MD5
903db6d94da0e07e2eb4dedcb0021b3f

SHA1
dcd441f6ba360a5cdcbbf29a64df847a8c2b1708

SHA256
582bf3a68d51947d10d9ed40b31e74938f972e842ef0fcefc987e5ea8323a1f4

SHA512
56713adf346b868d50a5f21d64abac76e025c04ab9bfaae5c17dbe9149afd4868c9d920f9d21852b08e858bd4e82cbdc5076bf89fc4fbf4293608e0e62b8ea4e

Download Submit
\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Filesize
812KB

MD5
903db6d94da0e07e2eb4dedcb0021b3f

SHA1
dcd441f6ba360a5cdcbbf29a64df847a8c2b1708

SHA256
582bf3a68d51947d10d9ed40b31e74938f972e842ef0fcefc987e5ea8323a1f4

SHA512
56713adf346b868d50a5f21d64abac76e025c04ab9bfaae5c17dbe9149afd4868c9d920f9d21852b08e858bd4e82cbdc5076bf89fc4fbf4293608e0e62b8ea4e

Download Submit
\Users\Admin\AppData\Local\Temp\1C0F0B0C120F156D155B15E0E0B160E0F160A.exe

Filesize
812KB

MD5
903db6d94da0e07e2eb4dedcb0021b3f

SHA1
dcd441f6ba360a5cdcbbf29a64df847a8c2b1708

SHA256
582bf3a68d51947d10d9ed40b31e74938f972e842ef0fcefc987e5ea8323a1f4

SHA512
56713adf346b868d50a5f21d64abac76e025c04ab9bfaae5c17dbe9149afd4868c9d920f9d21852b08e858bd4e82cbdc5076bf89fc4fbf4293608e0e62b8ea4e

Download Submit
memory/1712-0-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1712-2-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1712-13-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1712-11-0x00000000020F0000-0x000000000229B000-memory.dmp

Filesize
1.7MB

Download
memory/1868-14-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1868-15-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads