Overview

overview

5

Static

static

3

275a4e4d1e...ce.exe

windows7-x64

5

275a4e4d1e...ce.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    146s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/10/2023, 08:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe

  • Size

    6.0MB

  • MD5

    4fdda358addf8df0e0ba7db8cba351c7

  • SHA1

    3a2ee03a91108b802e7bdbffbb4210bd037fcf8d

  • SHA256

    275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce

  • SHA512

    980017a270de20d09d613d708072b23b60e9cd3903e81792069323322c142b593d1aaf2c15268d454d3d582de1afe7e79af79c615c2e1be34001e9decf8c53af

  • SSDEEP

    98304:AHFZeB/wtKLBV+x3dgQa77o/DLlKGxTZyKT+uoHO28SZPbMW9Wk:I/TEvZ/77IHZNgI+uL3SZFz

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe
    "C:\Users\Admin\AppData\Local\Temp\275a4e4d1e080f035381875c4362c35056be997da4547b2f41d1787043c0c1ce.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3784
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 664
      2⤵
      • Program crash
      PID:1776
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3784 -ip 3784
    1⤵
      PID:4492

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3784-0-0x0000000000400000-0x00000000009F8000-memory.dmp

      Filesize

      6.0MB

      Download

    • memory/3784-1-0x00000000773A0000-0x00000000775B5000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/3784-3875-0x00000000759E0000-0x0000000075B80000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3784-5884-0x0000000075B80000-0x0000000075BFA000-memory.dmp

      Filesize

      488KB

      Download

    • memory/3784-13069-0x0000000000400000-0x00000000009F8000-memory.dmp

      Filesize

      6.0MB

      Download