cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/09/2023, 20:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe
Size

812KB
MD5

96d140cbecfc9859ebf9888b1eef0f4c
SHA1

a212066f78fe54a5f6f289bd5cbaebe312269637
SHA256

cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0
SHA512

6d4240d24398475ec6b641d5de67260f5f6075463a07bc2913ab1b6b3abd578a532fdd632ce75aea336ea73eef4898bfedc147aa819005d43cff34c3553e6fdd
SSDEEP

12288:5qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:5qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1984	1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Loads dropped DLL 2 IoCs

pid	Process
1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe
1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe
1984	1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1984	1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe	28
PID 1756 wrote to memory of 1984	1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe	28
PID 1756 wrote to memory of 1984	1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe	28
PID 1756 wrote to memory of 1984	1756	cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe	28

C:\Users\Admin\AppData\Local\Temp\cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe
"C:\Users\Admin\AppData\Local\Temp\cf6e51a1a12c6e111e6b6ce14157e7982c3ad084ded27525d2d0e39eed15acb0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe
  C:\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Filesize
812KB

MD5
a1edcba0729873e8682713ce32b020d2

SHA1
8afd24bfac549bba41956d7fc19746e293883602

SHA256
9848779ed7ebd117da6c9945e5653d886ef4383945fadbefbbdba871eef841ae

SHA512
94e1f54e12e641278a86e24c03b166cb6e45543e01193fab1e02afcfeca11484e3ffeb90edca51b774efaf5850e1be138b10cce6109fc8fecbf337c0d42f62a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Filesize
812KB

MD5
a1edcba0729873e8682713ce32b020d2

SHA1
8afd24bfac549bba41956d7fc19746e293883602

SHA256
9848779ed7ebd117da6c9945e5653d886ef4383945fadbefbbdba871eef841ae

SHA512
94e1f54e12e641278a86e24c03b166cb6e45543e01193fab1e02afcfeca11484e3ffeb90edca51b774efaf5850e1be138b10cce6109fc8fecbf337c0d42f62a7

Download Submit
\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Filesize
812KB

MD5
a1edcba0729873e8682713ce32b020d2

SHA1
8afd24bfac549bba41956d7fc19746e293883602

SHA256
9848779ed7ebd117da6c9945e5653d886ef4383945fadbefbbdba871eef841ae

SHA512
94e1f54e12e641278a86e24c03b166cb6e45543e01193fab1e02afcfeca11484e3ffeb90edca51b774efaf5850e1be138b10cce6109fc8fecbf337c0d42f62a7

Download Submit
\Users\Admin\AppData\Local\Temp\1F0F0B0C120E156A155E15A0A0B160D0B160C.exe

Filesize
812KB

MD5
a1edcba0729873e8682713ce32b020d2

SHA1
8afd24bfac549bba41956d7fc19746e293883602

SHA256
9848779ed7ebd117da6c9945e5653d886ef4383945fadbefbbdba871eef841ae

SHA512
94e1f54e12e641278a86e24c03b166cb6e45543e01193fab1e02afcfeca11484e3ffeb90edca51b774efaf5850e1be138b10cce6109fc8fecbf337c0d42f62a7

Download Submit
memory/1756-1-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1756-4-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1756-0-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1756-11-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1756-13-0x0000000002010000-0x00000000021BB000-memory.dmp

Filesize
1.7MB

Download
memory/1984-16-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1984-15-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads