b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 14:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe
Size

816KB
MD5

6ee742ffcf59c5a1935b0c4ddb524825
SHA1

15b163150b5e6e6fe323ce7e193ef846452e1691
SHA256

b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d
SHA512

6517f93b20ba682fe4086334bdc8fb347b008bc3d6822bed5c7285aa8265e3788fe63deb35092e1e69cf154cd94c16be6427895606d78ae9093b9f5633ef95c9
SSDEEP

24576:pY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG90:G3XZynV4oDabuWbDQOcIxJJ90

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2236	1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Loads dropped DLL 2 IoCs

pid	Process
1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe
1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe
2236	1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 2236	1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe	28
PID 1564 wrote to memory of 2236	1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe	28
PID 1564 wrote to memory of 2236	1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe	28
PID 1564 wrote to memory of 2236	1564	b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe	28

C:\Users\Admin\AppData\Local\Temp\b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe
"C:\Users\Admin\AppData\Local\Temp\b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe
  C:\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Filesize
816KB

MD5
e1eca54bc7bd552756a246b3c5d69192

SHA1
69741b9d1bd821bdf88e3221f0d5e443f645e695

SHA256
4f180ee14447a657dc23b077961cd07f67cfed53f17ef4fbb6b594afec61af6a

SHA512
0af1815686cc2b89301888b7a342881af2623f08f5331ab05159e85497b7c75e239701083c67c151ea7adb2e4e18b6c64129b71cbc23b53eda692c86a60ea93f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Filesize
816KB

MD5
e1eca54bc7bd552756a246b3c5d69192

SHA1
69741b9d1bd821bdf88e3221f0d5e443f645e695

SHA256
4f180ee14447a657dc23b077961cd07f67cfed53f17ef4fbb6b594afec61af6a

SHA512
0af1815686cc2b89301888b7a342881af2623f08f5331ab05159e85497b7c75e239701083c67c151ea7adb2e4e18b6c64129b71cbc23b53eda692c86a60ea93f

Download Submit
\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Filesize
816KB

MD5
e1eca54bc7bd552756a246b3c5d69192

SHA1
69741b9d1bd821bdf88e3221f0d5e443f645e695

SHA256
4f180ee14447a657dc23b077961cd07f67cfed53f17ef4fbb6b594afec61af6a

SHA512
0af1815686cc2b89301888b7a342881af2623f08f5331ab05159e85497b7c75e239701083c67c151ea7adb2e4e18b6c64129b71cbc23b53eda692c86a60ea93f

Download Submit
\Users\Admin\AppData\Local\Temp\1F0B0E0F120F156D155B15E0E0C160F0D160F.exe

Filesize
816KB

MD5
e1eca54bc7bd552756a246b3c5d69192

SHA1
69741b9d1bd821bdf88e3221f0d5e443f645e695

SHA256
4f180ee14447a657dc23b077961cd07f67cfed53f17ef4fbb6b594afec61af6a

SHA512
0af1815686cc2b89301888b7a342881af2623f08f5331ab05159e85497b7c75e239701083c67c151ea7adb2e4e18b6c64129b71cbc23b53eda692c86a60ea93f

Download Submit
memory/1564-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1564-2-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/1564-12-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2236-14-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2236-15-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2236-13-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads