86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094

General

Target

86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
Size

11.7MB
MD5

62bd23df13f89aa8c130d7f24d165ecf
SHA1

e3391364bd01f7fdaf7db526fa8b4682b8e27d5d
SHA256

86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094
SHA512

8a10b63e3ef1c220c41db9ce1d0c69539d42f35aec49fa4d6431125bff084e957e4ef9e641e62b3dbe9e3dbce9d943f7f97e9e912a836f45db7525c22ed4a9eb
SSDEEP

196608:EDmiK8IUOOAc6o6Bn4q/xkrNoqhK2TbRAXsgZk4+t1fe5xcsWEJTqvJ3eKSLTbpq:EijNDcgeq/xkCR2+XsgZkVtYcbEVqvJo

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1076	cmd.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1076	1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe	30
PID 1400 wrote to memory of 1076	1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe	30
PID 1400 wrote to memory of 1076	1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe	30
PID 1400 wrote to memory of 1076	1400	86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe	30

C:\Users\Admin\AppData\Local\Temp\86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe
"C:\Users\Admin\AppData\Local\Temp\86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat
  2⤵
  - Deletes itself
  PID:1076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\86f3a9be7c388218b90363cd2dd43084437b39cc41077795e1b44fbb359eb094.exe1.exe

Filesize
11.7MB

MD5
d523c06e2829d2916547625f1ab70ed5

SHA1
8083b1a6dd3e36107b18752d357fa8fb44e63efb

SHA256
64a4bd5d0dbdc652689e60741934a06311611a814d3a10a1ee9289bd5d0502e3

SHA512
d5bef310bafda3b190a6104130a46723b99448c05a3b34562259b906d65a838070d22a0c414f5c6cd0c302b2d64caf4ba941c632820d6d8c55e82792a053d8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat

Filesize
557B

MD5
f377d3f2fb4b529ea1b4ce3e0479782c

SHA1
64067f5c2a3f32efb48a7b1e534383d5f21a2cc0

SHA256
fc7c92357ff9a31497c02208cefe953e3fcfbd9c79357b3689db530262e3a1ba

SHA512
edb0bf3cc82007d5c03d9b2820e4a927bd9443e9f6965cd819df4ab67321a0e5fccd145705b9f656adce3005516f254deaaa91b14d98f6565b52bef41b83a354

Download Submit
C:\Users\Admin\AppData\Local\Temp\×ÔÉ±.bat

Filesize
557B

MD5
f377d3f2fb4b529ea1b4ce3e0479782c

SHA1
64067f5c2a3f32efb48a7b1e534383d5f21a2cc0

SHA256
fc7c92357ff9a31497c02208cefe953e3fcfbd9c79357b3689db530262e3a1ba

SHA512
edb0bf3cc82007d5c03d9b2820e4a927bd9443e9f6965cd819df4ab67321a0e5fccd145705b9f656adce3005516f254deaaa91b14d98f6565b52bef41b83a354

Download Submit
memory/1400-24-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1400-29-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1400-8-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1400-12-0x0000000000400000-0x000000000259C000-memory.dmp

Filesize
33.6MB

Download
memory/1400-10-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1400-14-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1400-16-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1400-19-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1400-21-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1400-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1400-26-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1400-6-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1400-31-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1400-32-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1400-34-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1400-36-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1400-41-0x0000000000400000-0x000000000259C000-memory.dmp

Filesize
33.6MB

Download
memory/1400-5-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1400-4-0x0000000000400000-0x000000000259C000-memory.dmp

Filesize
33.6MB

Download
memory/1400-51-0x0000000000400000-0x000000000259C000-memory.dmp

Filesize
33.6MB

Download
memory/1400-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing