Overview

overview

7

Static

static

3

b7d7db059c...00.exe

windows7-x64

7

b7d7db059c...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 12:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe

  • Size

    812KB

  • MD5

    f27cbbdac6b7a6f99ebd6997632195ba

  • SHA1

    f98a4d952cc7b21a30351768ce695f6fd1085571

  • SHA256

    b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00

  • SHA512

    e40c046115fe38fee8b748832835a89163d446b76525dbfe350c63c133968abb96fe9b6ffb9889912c2687c41584b7dd4c6724e85a8b449d8ef92da6b5fe4628

  • SSDEEP

    12288:4qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:4qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe
    "C:\Users\Admin\AppData\Local\Temp\b7d7db059c24941e43dd20f56e8c5ea0ebcc283a055a4c27272fa6bb4b1b6e00.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:4468
    • C:\Users\Admin\AppData\Local\Temp\1C0A0F0A120B156A155F15D0B0D160B0B160A.exe
      C:\Users\Admin\AppData\Local\Temp\1C0A0F0A120B156A155F15D0B0D160B0B160A.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:3604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1C0A0F0A120B156A155F15D0B0D160B0B160A.exe
    Filesize

    812KB

    MD5

    05616255821e9659595aa28d0094a4ce

    SHA1

    c9b2dab38bd806c0942f14a7c1ececb7279e3613

    SHA256

    7c78752e4326b14f33e8d62a5c9fba37d8f80e5e44ac432edb770c811c895fb7

    SHA512

    a92db79d5b8ea245d86d53c1e3ccc6f826bb3c768f73fc17f00a9e21f1d848ec862602b8f35c96f7b0421d021bb03170fd8806abddf9673d014aa8641e00103d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1C0A0F0A120B156A155F15D0B0D160B0B160A.exe
    Filesize

    812KB

    MD5

    05616255821e9659595aa28d0094a4ce

    SHA1

    c9b2dab38bd806c0942f14a7c1ececb7279e3613

    SHA256

    7c78752e4326b14f33e8d62a5c9fba37d8f80e5e44ac432edb770c811c895fb7

    SHA512

    a92db79d5b8ea245d86d53c1e3ccc6f826bb3c768f73fc17f00a9e21f1d848ec862602b8f35c96f7b0421d021bb03170fd8806abddf9673d014aa8641e00103d

    Download Submit

  • memory/3604-8-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3604-11-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3604-12-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4468-0-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4468-2-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4468-9-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download