Overview

overview

7

Static

static

3

2f977c818b...66.exe

windows7-x64

7

2f977c818b...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    83s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 10:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2f977c818bf571476186de0f1e391d5819a96479f21a0eb65a6f4b67e449ad66.exe

  • Size

    816KB

  • MD5

    8dabefe9b1571ea2dbcf16befaf4b1e7

  • SHA1

    6451a5e27ec38efd0e7a2b21bf04f32c30abf0fc

  • SHA256

    2f977c818bf571476186de0f1e391d5819a96479f21a0eb65a6f4b67e449ad66

  • SHA512

    ba9a9d28cc959ba0b3a17a0d4f4dff31f2d9eca9c0622f8b6c5591f93126125aa0bdce61a048f3b9c9e6bbde1b6d53d33456c7d2e3d5cc052a688dd1e3be8069

  • SSDEEP

    24576:kY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG90:53XZynV4oDabuWbDQOcIxJJ90

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2f977c818bf571476186de0f1e391d5819a96479f21a0eb65a6f4b67e449ad66.exe
    "C:\Users\Admin\AppData\Local\Temp\2f977c818bf571476186de0f1e391d5819a96479f21a0eb65a6f4b67e449ad66.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Users\Admin\AppData\Local\Temp\1F0F0C0D120A156E155F15E0B0A160C0F160E.exe
      C:\Users\Admin\AppData\Local\Temp\1F0F0C0D120A156E155F15E0B0A160C0F160E.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1F0F0C0D120A156E155F15E0B0A160C0F160E.exe
    Filesize

    816KB

    MD5

    bf2918ed99678a39f9326c59ab5dbd2c

    SHA1

    816e1d4252a345023a7ee4661679ce27ce2079d9

    SHA256

    1c6459e07126a7c382824958537ede70c0734e7770b8036de7de4a1d692d5dbc

    SHA512

    52dd8848295f510a01a528f3de5ef429cb178804f165262829cd348f9633961ff842c7bfa13f5aa618d7f1c95f599837b8330cda829d1ad5fb5e0df92279b87e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1F0F0C0D120A156E155F15E0B0A160C0F160E.exe
    Filesize

    816KB

    MD5

    bf2918ed99678a39f9326c59ab5dbd2c

    SHA1

    816e1d4252a345023a7ee4661679ce27ce2079d9

    SHA256

    1c6459e07126a7c382824958537ede70c0734e7770b8036de7de4a1d692d5dbc

    SHA512

    52dd8848295f510a01a528f3de5ef429cb178804f165262829cd348f9633961ff842c7bfa13f5aa618d7f1c95f599837b8330cda829d1ad5fb5e0df92279b87e

    Download Submit

  • memory/2580-8-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2580-11-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2580-12-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2664-0-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2664-1-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2664-2-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2664-9-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download