275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
Size

6.0MB
MD5

4fdda358addf8df0e0ba7db8cba351c7
SHA1

3a2ee03a91108b802e7bdbffbb4210bd037fcf8d
SHA256

275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce
SHA512

980017a270de20d09d613d708072b23b60e9cd3903e81792069323322c142b593d1aaf2c15268d454d3d582de1afe7e79af79c615c2e1be34001e9decf8c53af
SSDEEP

98304:AHFZeB/wtKLBV+x3dgQa77o/DLlKGxTZyKT+uoHO28SZPbMW9Wk:I/TEvZ/77IHZNgI+uL3SZFz

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
2988	275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe

C:\Users\Admin\AppData\Local\Temp\275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
"C:\Users\Admin\AppData\Local\Temp\275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2988-0-0x0000000000400000-0x00000000009F8000-memory.dmp

Filesize
6.0MB

Download
memory/2988-1-0x00000000755D0000-0x0000000075617000-memory.dmp

Filesize
284KB

Download
memory/2988-811-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-814-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-812-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-816-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-818-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-820-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-824-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-822-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-826-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-830-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-828-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-834-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-832-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-836-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-840-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-838-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-844-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-842-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-848-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-846-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-852-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-850-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-858-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-856-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-854-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-860-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-866-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-864-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-862-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-870-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-872-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-868-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-2547-0x00000000025D0000-0x0000000002751000-memory.dmp

Filesize
1.5MB

Download
memory/2988-8686-0x0000000002880000-0x0000000002991000-memory.dmp

Filesize
1.1MB

Download
memory/2988-8688-0x0000000000400000-0x00000000009F8000-memory.dmp

Filesize
6.0MB

Download