022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04-09-2023 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe
Size

812KB
MD5

7d934671cdac240eaa9a5d022e5b4e3d
SHA1

efb75ead1767389f0ec560045a3ae683a1fe99fb
SHA256

022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1
SHA512

98ebc140149cc3dbe5e195d295bc5847e6f7db1328dc69792b91b734a73d45bced038e329fe2a6fdb9d72df146550e002bc36b3f66036aa234cfdb3c44673818
SSDEEP

12288:BqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:BqxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2904	1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Loads dropped DLL 2 IoCs

pid	Process
1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe
1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe
2904	1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 2904	1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe	28
PID 1896 wrote to memory of 2904	1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe	28
PID 1896 wrote to memory of 2904	1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe	28
PID 1896 wrote to memory of 2904	1896	022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe	28

C:\Users\Admin\AppData\Local\Temp\022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe
"C:\Users\Admin\AppData\Local\Temp\022a6ae69137ab4116487f116d484a77c5d8f0b6a1ee5adb49a418bbcdc0bab1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe
  C:\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Filesize
812KB

MD5
6e0bdf240d5d9ce5cad0f6a9f933239e

SHA1
e3485030052e8989f4aae3c61c14a9391f2aa136

SHA256
0c7810173c2e3f4723ee2abeb4dc374d9bc9d73e0ad19e8026a380c244aedc55

SHA512
2c54228816a9dc2bb03e0aa1e88d22597a5c25fa41bcde5a19c48d41bef47acee28f3e7c59971041126ed85ca9d9589303e97c64d1771c27e67fd03295b9f6ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Filesize
812KB

MD5
6e0bdf240d5d9ce5cad0f6a9f933239e

SHA1
e3485030052e8989f4aae3c61c14a9391f2aa136

SHA256
0c7810173c2e3f4723ee2abeb4dc374d9bc9d73e0ad19e8026a380c244aedc55

SHA512
2c54228816a9dc2bb03e0aa1e88d22597a5c25fa41bcde5a19c48d41bef47acee28f3e7c59971041126ed85ca9d9589303e97c64d1771c27e67fd03295b9f6ba

Download Submit
\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Filesize
812KB

MD5
6e0bdf240d5d9ce5cad0f6a9f933239e

SHA1
e3485030052e8989f4aae3c61c14a9391f2aa136

SHA256
0c7810173c2e3f4723ee2abeb4dc374d9bc9d73e0ad19e8026a380c244aedc55

SHA512
2c54228816a9dc2bb03e0aa1e88d22597a5c25fa41bcde5a19c48d41bef47acee28f3e7c59971041126ed85ca9d9589303e97c64d1771c27e67fd03295b9f6ba

Download Submit
\Users\Admin\AppData\Local\Temp\1B0C0E0D120F156E155A15D0D0D160E0F160F.exe

Filesize
812KB

MD5
6e0bdf240d5d9ce5cad0f6a9f933239e

SHA1
e3485030052e8989f4aae3c61c14a9391f2aa136

SHA256
0c7810173c2e3f4723ee2abeb4dc374d9bc9d73e0ad19e8026a380c244aedc55

SHA512
2c54228816a9dc2bb03e0aa1e88d22597a5c25fa41bcde5a19c48d41bef47acee28f3e7c59971041126ed85ca9d9589303e97c64d1771c27e67fd03295b9f6ba

Download Submit
memory/1896-0-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1896-2-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1896-12-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2904-13-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2904-15-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/2904-16-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads