Overview

overview

7

Static

static

3

7ef4f902d5...ed.exe

windows7-x64

7

7ef4f902d5...ed.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    84s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ef4f902d54f75ef64e267488bcb958b5ef3e084b664379869c0329b4f1a36ed.exe

  • Size

    816KB

  • MD5

    ab8e3ac80bcfc231f6bacefb384fa502

  • SHA1

    d096473873b9fdcad861261358f39ce670034a48

  • SHA256

    7ef4f902d54f75ef64e267488bcb958b5ef3e084b664379869c0329b4f1a36ed

  • SHA512

    7ee42d0c8477093c4659f4878b2e2059f2c13c55d1ace7be827232da9567875db8cdf18eb4edf118e777efe4e34b4a9621bd4678c0fd7b9bc1a2fe4a451c61f6

  • SSDEEP

    24576:wY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9u:d3XZynV4oDabuWbDQOcIxJJ9u

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ef4f902d54f75ef64e267488bcb958b5ef3e084b664379869c0329b4f1a36ed.exe
    "C:\Users\Admin\AppData\Local\Temp\7ef4f902d54f75ef64e267488bcb958b5ef3e084b664379869c0329b4f1a36ed.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\1C0E0D0A120F156F155C15F0C0D160C0C160B.exe
      C:\Users\Admin\AppData\Local\Temp\1C0E0D0A120F156F155C15F0C0D160C0C160B.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1C0E0D0A120F156F155C15F0C0D160C0C160B.exe
    Filesize

    816KB

    MD5

    cf84f4de90d94b10a51eaeef6b6a1228

    SHA1

    d80755b3e08931dcd0734f787545e0ead0b72bbe

    SHA256

    0e4d778823535019d5e30b4707c429e689977371abc47acca87db82c1679daa7

    SHA512

    fb9080b56e27c3cad211d9408521c1f830fcc7faedd141834a4230c70d7ba47da6531968f3387d78d37a752ddae8d81fe9ab4fad5888a2306a71031fd690b57f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1C0E0D0A120F156F155C15F0C0D160C0C160B.exe
    Filesize

    816KB

    MD5

    cf84f4de90d94b10a51eaeef6b6a1228

    SHA1

    d80755b3e08931dcd0734f787545e0ead0b72bbe

    SHA256

    0e4d778823535019d5e30b4707c429e689977371abc47acca87db82c1679daa7

    SHA512

    fb9080b56e27c3cad211d9408521c1f830fcc7faedd141834a4230c70d7ba47da6531968f3387d78d37a752ddae8d81fe9ab4fad5888a2306a71031fd690b57f

    Download Submit

  • memory/1056-0-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1056-2-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1056-9-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2520-8-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2520-11-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2520-12-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download