Overview

overview

7

Static

static

3

b64a93b3d3...9d.exe

windows7-x64

7

b64a93b3d3...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/11/2023, 14:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe

  • Size

    816KB

  • MD5

    6ee742ffcf59c5a1935b0c4ddb524825

  • SHA1

    15b163150b5e6e6fe323ce7e193ef846452e1691

  • SHA256

    b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d

  • SHA512

    6517f93b20ba682fe4086334bdc8fb347b008bc3d6822bed5c7285aa8265e3788fe63deb35092e1e69cf154cd94c16be6427895606d78ae9093b9f5633ef95c9

  • SSDEEP

    24576:pY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG90:G3XZynV4oDabuWbDQOcIxJJ90

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe
    "C:\Users\Admin\AppData\Local\Temp\b64a93b3d385fb361f3e98aa1d66692b489fc8141432da65144901882d81c09d.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:5036
    • C:\Users\Admin\AppData\Local\Temp\1B0F0A0E120F156F155C15C0B0E160E0C160E.exe
      C:\Users\Admin\AppData\Local\Temp\1B0F0A0E120F156F155C15C0B0E160E0C160E.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4428

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1B0F0A0E120F156F155C15C0B0E160E0C160E.exe
          Filesize

          816KB

          MD5

          2d9fb0848d4bda5e75543e14e8bc23e2

          SHA1

          52083ed9551cf270941c2934c6b4a64337abb7b0

          SHA256

          a899e6c5bd74758ab0116b1733c847df8eae93f30224a3d4b1f37fa70ed30334

          SHA512

          af211196cf1e55bb36689b17dc815ed11ea446dce8a3130d9cf6c50e23a34a178a70cc0f0fc57375772a8a4bd5ab7a56358b748fd77d7841aa80ab947cdd569c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1B0F0A0E120F156F155C15C0B0E160E0C160E.exe
          Filesize

          816KB

          MD5

          2d9fb0848d4bda5e75543e14e8bc23e2

          SHA1

          52083ed9551cf270941c2934c6b4a64337abb7b0

          SHA256

          a899e6c5bd74758ab0116b1733c847df8eae93f30224a3d4b1f37fa70ed30334

          SHA512

          af211196cf1e55bb36689b17dc815ed11ea446dce8a3130d9cf6c50e23a34a178a70cc0f0fc57375772a8a4bd5ab7a56358b748fd77d7841aa80ab947cdd569c

          Download Submit

        • memory/4428-8-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4428-10-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4428-11-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/5036-0-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/5036-1-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/5036-4-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/5036-9-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download