Overview

overview

5

Static

static

3

b9584aa08f...1c.exe

windows7-x64

5

b9584aa08f...1c.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    152s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/10/2023, 20:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c.exe

  • Size

    1.3MB

  • MD5

    3b066ed8d386182ab068ead6eeb3f56f

  • SHA1

    3be081054832612234ac15aa4693628de481511d

  • SHA256

    b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c

  • SHA512

    cbec0e603cae1fdad04afc255a68ba33881d8f90bcc46e8fc5990dcc48cf47eabe05a5fa5cd45d259b038b1ec18e9ae1d4e679cda1226f9485a9a98fb46b1c6e

  • SSDEEP

    24576:UpwVrXW1/BToUFzFx3QP6ADGaWl2fpIUAFuVTp44O5DXqS5OWCSfMqMhl:UWwLTomkCrwfpORhXqS5OeUqM

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c.exe
    "C:\Users\Admin\AppData\Local\Temp\b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color 5
      2⤵
        PID:4712
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c CLS
        2⤵
          PID:4776
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c CLS
          2⤵
            PID:1972
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c CLS
            2⤵
              PID:1020
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c CLS
              2⤵
                PID:1072
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c CLS
                2⤵
                  PID:2636
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c CLS
                  2⤵
                    PID:5092
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c CLS
                    2⤵
                      PID:1632
                    • C:\Windows\system32\cmd.exe
                      C:\Windows\system32\cmd.exe /c CLS
                      2⤵
                        PID:4328
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c CLS
                        2⤵
                          PID:1400
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c CLS
                          2⤵
                            PID:4528
                          • C:\Windows\system32\cmd.exe
                            C:\Windows\system32\cmd.exe /c CLS
                            2⤵
                              PID:3840
                            • C:\Windows\system32\cmd.exe
                              C:\Windows\system32\cmd.exe /c CLS
                              2⤵
                                PID:3968
                              • C:\Windows\system32\cmd.exe
                                C:\Windows\system32\cmd.exe /c CLS
                                2⤵
                                  PID:3992
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
                                  2⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:2380
                                  • C:\Windows\system32\certutil.exe
                                    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\b9584aa08f0dda8101e6b2c679d112d5102d44c80d8aa910c29cbf20df3ea11c.exe" MD5
                                    3⤵
                                      PID:2260
                                    • C:\Windows\system32\find.exe
                                      find /i /v "md5"
                                      3⤵
                                        PID:464
                                      • C:\Windows\system32\find.exe
                                        find /i /v "certutil"
                                        3⤵
                                          PID:3708

                                    Network

                                          MITRE ATT&CK Matrix

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • memory/3160-0-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/3160-1-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/3160-4-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/3160-2-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/3160-5-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download

                                          • memory/3160-6-0x00007FF70DB80000-0x00007FF70DE51000-memory.dmp

                                            Filesize

                                            2.8MB

                                            Download