Overview

overview

5

Static

static

3

438ed941ef...91.exe

windows7-x64

5

438ed941ef...91.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    125s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-10-2023 16:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    438ed941ef0737f2e41817af3daa1cf2dcb36ce4450c0856a739ab6eaca39891.exe

  • Size

    5.6MB

  • MD5

    1ca760914c505b5dddce866fda6a05d2

  • SHA1

    024b26c8fd1fccbfa3106359cfd5938e6c1f4cb2

  • SHA256

    438ed941ef0737f2e41817af3daa1cf2dcb36ce4450c0856a739ab6eaca39891

  • SHA512

    0ea100823b2778aea9b4e1d69fef32d9eb4133e66193f2f0c15e2ff9ece8d7e5dd1af53b0d05918a2b8d0b3e20a7b7ffff79d80aa4ee7bbdf16491bb31db6b7d

  • SSDEEP

    98304:fTpluSZyJ+BX/eZEYu3f+fuovFdKy3GPrypCnwy24esLP+aBL6WH/ccZpU:flRkkRf+f9rWPupCnrsraBLZv

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\438ed941ef0737f2e41817af3daa1cf2dcb36ce4450c0856a739ab6eaca39891.exe
    "C:\Users\Admin\AppData\Local\Temp\438ed941ef0737f2e41817af3daa1cf2dcb36ce4450c0856a739ab6eaca39891.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
        PID:1980

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1552-0-0x00007FF618E00000-0x00007FF619802000-memory.dmp

      Filesize

      10.0MB

      Download

    • memory/1552-2-0x00007FFC14AD0000-0x00007FFC14AD2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1552-3-0x00007FFC14AE0000-0x00007FFC14AE2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1552-4-0x00007FF618E00000-0x00007FF619802000-memory.dmp

      Filesize

      10.0MB

      Download

    • memory/1552-8-0x00007FF618E00000-0x00007FF619802000-memory.dmp

      Filesize

      10.0MB

      Download