b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 12:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
Size

812KB
MD5

f27cbbdac6b7a6f99ebd6997632195ba
SHA1

f98a4d952cc7b21a30351768ce695f6fd1085571
SHA256

b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00
SHA512

e40c046115fe38fee8b748832835a89163d446b76525dbfe350c63c133968abb96fe9b6ffb9889912c2687c41584b7dd4c6724e85a8b449d8ef92da6b5fe4628
SSDEEP

12288:4qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:4qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1456	1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
1456	1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1456	1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe	28
PID 1936 wrote to memory of 1456	1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe	28
PID 1936 wrote to memory of 1456	1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe	28
PID 1936 wrote to memory of 1456	1936	b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe	28

C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
"C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
  C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Filesize
812KB

MD5
7ab64e34c333a282fd82f2221fae2e6e

SHA1
fae506eb7882963642968eb2e048f432c3baa22f

SHA256
79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

SHA512
025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Filesize
812KB

MD5
7ab64e34c333a282fd82f2221fae2e6e

SHA1
fae506eb7882963642968eb2e048f432c3baa22f

SHA256
79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

SHA512
025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

Download Submit
\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Filesize
812KB

MD5
7ab64e34c333a282fd82f2221fae2e6e

SHA1
fae506eb7882963642968eb2e048f432c3baa22f

SHA256
79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

SHA512
025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

Download Submit
\Users\Admin\AppData\Local\Temp\1A0D0D0A120C156D155E15F0E0C160D0A160F.exe

Filesize
812KB

MD5
7ab64e34c333a282fd82f2221fae2e6e

SHA1
fae506eb7882963642968eb2e048f432c3baa22f

SHA256
79a168b4cd2197154dffc87a58e1b378ff4bb6d6f55d77462df6f95d56295380

SHA512
025acd7961af3bb665c44ca77ea0624119eb9107a01b3b26192c79b09d06af63d0e4e88b2a687a81ebe4eefc777f2a29d0e03dd7ea2da138905ed4ad934ba01d

Download Submit
memory/1456-14-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1456-17-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1456-16-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1936-0-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1936-2-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1936-1-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/1936-11-0x0000000002040000-0x00000000021EB000-memory.dmp

Filesize
1.7MB

Download
memory/1936-12-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads