Overview

overview

7

Static

static

3

893f957381...0f.exe

windows7-x64

7

893f957381...0f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    893f957381cfe0a589fc30ce7f0f426e6ea964e46a22bb32d77a4d78c876110f.exe

  • Size

    812KB

  • MD5

    9b2e5e35b30921d711682e78e04ffb4f

  • SHA1

    2ba14626f620999cc1769eb799cb414c4b6878b8

  • SHA256

    893f957381cfe0a589fc30ce7f0f426e6ea964e46a22bb32d77a4d78c876110f

  • SHA512

    bfa60586ee091c290bc313a2e7123afa3898c4a98abfce46e2830a47c1092ed241e52efe84c9ad70a6bbbd72041c2c2e99c3a9d8922366be8e08a335d0cdf93c

  • SSDEEP

    12288:9qmytVdB0rPEDb3kCoI641jxy7GHEX2rnAv8MktrOKxp22CMOZ/1Sq:9qxtVfNDb31oT41+aneOrO4p2zMOZ/V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\893f957381cfe0a589fc30ce7f0f426e6ea964e46a22bb32d77a4d78c876110f.exe
    "C:\Users\Admin\AppData\Local\Temp\893f957381cfe0a589fc30ce7f0f426e6ea964e46a22bb32d77a4d78c876110f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Users\Admin\AppData\Local\Temp\1E0E0C0D120D156C155F15B0A0F160B0C160E.exe
      C:\Users\Admin\AppData\Local\Temp\1E0E0C0D120D156C155F15B0A0F160B0C160E.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1E0E0C0D120D156C155F15B0A0F160B0C160E.exe
    Filesize

    812KB

    MD5

    0cd6340aece8109a301975af609403dd

    SHA1

    b4146792280f3050346fee1031bba22ea4282934

    SHA256

    6d68ecf87eb6ba4a3dd788796fd37c20c8f7b35fd270b42e86ed0da46205443a

    SHA512

    44504219131eb440cf3dd36288f7bf0123ce69b00b3deecf56f016c9fb207722af6dab10b956f084495ea60bc640e506b358fc1ad65c412a6f39920291d287ba

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1E0E0C0D120D156C155F15B0A0F160B0C160E.exe
    Filesize

    812KB

    MD5

    0cd6340aece8109a301975af609403dd

    SHA1

    b4146792280f3050346fee1031bba22ea4282934

    SHA256

    6d68ecf87eb6ba4a3dd788796fd37c20c8f7b35fd270b42e86ed0da46205443a

    SHA512

    44504219131eb440cf3dd36288f7bf0123ce69b00b3deecf56f016c9fb207722af6dab10b956f084495ea60bc640e506b358fc1ad65c412a6f39920291d287ba

    Download Submit

  • memory/1780-0-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1780-2-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1780-9-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4196-8-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4196-11-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4196-12-0x0000000000400000-0x00000000005AB000-memory.dmp

    Filesize

    1.7MB

    Download