a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
12-11-2023 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe
Size

816KB
MD5

88d8f847bad872199bedfd62a3187c6d
SHA1

4aeb5bfa6313ee5e0bcbe022b7f29a2b7396d5be
SHA256

a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403
SHA512

8412923c1be2e179bb9355a282162fda7a958c20e5c205244d62ac64ed9a97003c81e2c171eda58d1f2f03739aaa5cf0ccccff0a4d31fd75d50c8d992a89800c
SSDEEP

24576:AY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9D:t3XZynV4oDabuWbDQOcIxJJ9D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2844	1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Loads dropped DLL 2 IoCs

pid	Process
2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe
2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe
2844	1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2844	2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe	28
PID 2952 wrote to memory of 2844	2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe	28
PID 2952 wrote to memory of 2844	2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe	28
PID 2952 wrote to memory of 2844	2952	a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe	28

C:\Users\Admin\AppData\Local\Temp\a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe
"C:\Users\Admin\AppData\Local\Temp\a2017b316f11b57fd92b6f1cd54716f34f0e4432dad66c14db8d35aa4e2dd403.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe
  C:\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Filesize
816KB

MD5
62a5c098e90464f67019dfa14c278799

SHA1
a084c80be04f921ba06ee81179192d9e50412c8d

SHA256
b522b117d12082507b7b014224edd40441357a6f11d8298ea0cf4988c6d12dd9

SHA512
05bf9d44cef3117b1bf025069a0190bf68bd4a8b4332217a757ff5e4e62e0ea4ee06d3b3114333c0b79372a102c1f5fea12f7b9755f493bcd99abf600c307a52

Download Submit
C:\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Filesize
816KB

MD5
62a5c098e90464f67019dfa14c278799

SHA1
a084c80be04f921ba06ee81179192d9e50412c8d

SHA256
b522b117d12082507b7b014224edd40441357a6f11d8298ea0cf4988c6d12dd9

SHA512
05bf9d44cef3117b1bf025069a0190bf68bd4a8b4332217a757ff5e4e62e0ea4ee06d3b3114333c0b79372a102c1f5fea12f7b9755f493bcd99abf600c307a52

Download Submit
\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Filesize
816KB

MD5
62a5c098e90464f67019dfa14c278799

SHA1
a084c80be04f921ba06ee81179192d9e50412c8d

SHA256
b522b117d12082507b7b014224edd40441357a6f11d8298ea0cf4988c6d12dd9

SHA512
05bf9d44cef3117b1bf025069a0190bf68bd4a8b4332217a757ff5e4e62e0ea4ee06d3b3114333c0b79372a102c1f5fea12f7b9755f493bcd99abf600c307a52

Download Submit
\Users\Admin\AppData\Local\Temp\1C0E0C0D120A156F155B15A0D0E160A0F160C.exe

Filesize
816KB

MD5
62a5c098e90464f67019dfa14c278799

SHA1
a084c80be04f921ba06ee81179192d9e50412c8d

SHA256
b522b117d12082507b7b014224edd40441357a6f11d8298ea0cf4988c6d12dd9

SHA512
05bf9d44cef3117b1bf025069a0190bf68bd4a8b4332217a757ff5e4e62e0ea4ee06d3b3114333c0b79372a102c1f5fea12f7b9755f493bcd99abf600c307a52

Download Submit
memory/2844-13-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2844-15-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2844-16-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2952-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2952-1-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2952-12-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads