Overview

overview

7

Static

static

3

d8574c806f...d4.exe

windows7-x64

7

d8574c806f...d4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 10:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d8574c806fff080d66c185d0947e03e1f0f361393c6574c1b07ac9d59386c2d4.exe

  • Size

    812KB

  • MD5

    2b58b8c78c57f228f65ce3e3ff59c009

  • SHA1

    7006b5f7731785f6b79cfa24e52588db96c0a66f

  • SHA256

    d8574c806fff080d66c185d0947e03e1f0f361393c6574c1b07ac9d59386c2d4

  • SHA512

    3e25797ab9ecb338befaf641734474ad77043d0efaa1451b68d2ddd8e63dc03da153699a94dc749544874aacd27efeb92a74afe0a5394f8a5b1d875862ce7607

  • SSDEEP

    12288:zqmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:zqxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8574c806fff080d66c185d0947e03e1f0f361393c6574c1b07ac9d59386c2d4.exe
    "C:\Users\Admin\AppData\Local\Temp\d8574c806fff080d66c185d0947e03e1f0f361393c6574c1b07ac9d59386c2d4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Users\Admin\AppData\Local\Temp\1C0E0E0F120B156C155C15F0A0D160A0F160B.exe
      C:\Users\Admin\AppData\Local\Temp\1C0E0E0F120B156C155C15F0A0D160A0F160B.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2112

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1C0E0E0F120B156C155C15F0A0D160A0F160B.exe
          Filesize

          812KB

          MD5

          03b8db4d4c1cf4e91026a175309d9699

          SHA1

          dec687d942062e4f2b18fbb47fa633a71d7b6cdd

          SHA256

          f0ac6d9f752952359c1da9012e2e1b568698860cbf5c909fd82ee55c0df3a264

          SHA512

          202f6d4301258c409a9c3803fd31fd53601c42e5cf01234092f670e5dca1a87eba0ae3e96282d0030e7c02d2d410ad5c3d9beb8e39b94a256cb6d92bee21bf23

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1C0E0E0F120B156C155C15F0A0D160A0F160B.exe
          Filesize

          812KB

          MD5

          03b8db4d4c1cf4e91026a175309d9699

          SHA1

          dec687d942062e4f2b18fbb47fa633a71d7b6cdd

          SHA256

          f0ac6d9f752952359c1da9012e2e1b568698860cbf5c909fd82ee55c0df3a264

          SHA512

          202f6d4301258c409a9c3803fd31fd53601c42e5cf01234092f670e5dca1a87eba0ae3e96282d0030e7c02d2d410ad5c3d9beb8e39b94a256cb6d92bee21bf23

          Download Submit

        • memory/2112-8-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2112-11-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/2112-12-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4712-0-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4712-2-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4712-9-0x0000000000400000-0x00000000005AB000-memory.dmp

          Filesize

          1.7MB

          Download