Overview

overview

5

Static

static

3

84b5d6d2b9...42.exe

windows7-x64

5

84b5d6d2b9...42.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/11/2023, 18:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84b5d6d2b98fd336bed6fc3fc43b4bc3f5f061b5a29c52f9c5f970569d3bd842.exe

  • Size

    8.8MB

  • MD5

    04e0fec0a101445fbf816b765932aa13

  • SHA1

    00c09c55aba2b49bd5b85316500dd7ff90d6742b

  • SHA256

    84b5d6d2b98fd336bed6fc3fc43b4bc3f5f061b5a29c52f9c5f970569d3bd842

  • SHA512

    92fd29aebdb85d5b01c0793e43120926ccd4835b9d424187587ec91e1ff4c6888bd82e6a4122d0145350d6fa2390a4316be438f1e3e682d90c39c220522adad9

  • SSDEEP

    196608:7vyfK/WmfszZ5J4XKErwaQnZ5WvRnrQkzitgQ8iMyk08UrRPM:7JWmfSZ5JeKsi5WvRski98dUrRPM

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84b5d6d2b98fd336bed6fc3fc43b4bc3f5f061b5a29c52f9c5f970569d3bd842.exe
    "C:\Users\Admin\AppData\Local\Temp\84b5d6d2b98fd336bed6fc3fc43b4bc3f5f061b5a29c52f9c5f970569d3bd842.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5008-0-0x0000000000400000-0x0000000001B55000-memory.dmp

    Filesize

    23.3MB

    Download

  • memory/5008-1-0x0000000002130000-0x0000000002131000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-2-0x0000000002140000-0x0000000002141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-3-0x0000000002150000-0x0000000002151000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-4-0x0000000000400000-0x0000000001B55000-memory.dmp

    Filesize

    23.3MB

    Download

  • memory/5008-5-0x0000000003A30000-0x0000000003A31000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-6-0x0000000003A40000-0x0000000003A41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-7-0x0000000003A50000-0x0000000003A51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-10-0x0000000003A70000-0x0000000003A71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-9-0x0000000003A60000-0x0000000003A61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5008-11-0x0000000000400000-0x0000000001B55000-memory.dmp

    Filesize

    23.3MB

    Download

  • memory/5008-13-0x0000000010000000-0x0000000010059000-memory.dmp

    Filesize

    356KB

    Download

  • memory/5008-14-0x0000000000400000-0x0000000001B55000-memory.dmp

    Filesize

    23.3MB

    Download

  • memory/5008-15-0x0000000000400000-0x0000000001B55000-memory.dmp

    Filesize

    23.3MB

    Download