3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
30-10-2023 07:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe
Size

816KB
MD5

f65810f9cc64599bf0284532cd69abdb
SHA1

2624d27abd05a355ee02815155c7c60880ea6ac3
SHA256

3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4
SHA512

f44997c2e1d8999f886bcff9e85b32a475814bdc35647633e5e79253663a362d41283348cd6b2c2cb83edf93706995cb4ee2c18b29670a96ab9bbb891c5a7d11
SSDEEP

24576:fY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG97:w3XZynV4oDabuWbDQOcIxJJ97

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1056	1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Loads dropped DLL 2 IoCs

pid	Process
2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe
2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe
1056	1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1056	2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe	28
PID 2420 wrote to memory of 1056	2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe	28
PID 2420 wrote to memory of 1056	2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe	28
PID 2420 wrote to memory of 1056	2420	3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe	28

C:\Users\Admin\AppData\Local\Temp\3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe
"C:\Users\Admin\AppData\Local\Temp\3116a5fe94a456d3a005fbf1bd6b0ba7b518e4bc217442d09a45764efde2acc4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe
  C:\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Filesize
816KB

MD5
71e03e7b93406ca02908d85a73c345bd

SHA1
1b150b84637945f5ece387b87a3e35c49c4c856c

SHA256
c7c54949c0126c2b456877bd658b5adda88fce6c9f34730cec1c546423895084

SHA512
3afddd065781f7917a928b542a86c37b09fd9ea8d9c2e9a57b47706ca8ca45852f8b2f2e5cbf25934950dd6acce4c77d44a8311f6fea6dfb4a147687d9ea23a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Filesize
816KB

MD5
71e03e7b93406ca02908d85a73c345bd

SHA1
1b150b84637945f5ece387b87a3e35c49c4c856c

SHA256
c7c54949c0126c2b456877bd658b5adda88fce6c9f34730cec1c546423895084

SHA512
3afddd065781f7917a928b542a86c37b09fd9ea8d9c2e9a57b47706ca8ca45852f8b2f2e5cbf25934950dd6acce4c77d44a8311f6fea6dfb4a147687d9ea23a7

Download Submit
\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Filesize
816KB

MD5
71e03e7b93406ca02908d85a73c345bd

SHA1
1b150b84637945f5ece387b87a3e35c49c4c856c

SHA256
c7c54949c0126c2b456877bd658b5adda88fce6c9f34730cec1c546423895084

SHA512
3afddd065781f7917a928b542a86c37b09fd9ea8d9c2e9a57b47706ca8ca45852f8b2f2e5cbf25934950dd6acce4c77d44a8311f6fea6dfb4a147687d9ea23a7

Download Submit
\Users\Admin\AppData\Local\Temp\1C0D0D0A120C156C155B15E0A0B160D0C160D.exe

Filesize
816KB

MD5
71e03e7b93406ca02908d85a73c345bd

SHA1
1b150b84637945f5ece387b87a3e35c49c4c856c

SHA256
c7c54949c0126c2b456877bd658b5adda88fce6c9f34730cec1c546423895084

SHA512
3afddd065781f7917a928b542a86c37b09fd9ea8d9c2e9a57b47706ca8ca45852f8b2f2e5cbf25934950dd6acce4c77d44a8311f6fea6dfb4a147687d9ea23a7

Download Submit
memory/1056-14-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1056-17-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1056-16-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2420-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2420-2-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2420-11-0x0000000002040000-0x00000000021ED000-memory.dmp

Filesize
1.7MB

Download
memory/2420-13-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads