8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 20:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe
Size

816KB
MD5

1d70af8491314b552119a849e8292ad8
SHA1

1a340813c76aad5fb8144ae846ffecbe72ef76da
SHA256

8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe
SHA512

6e0d8f5c40f7354ebaee0c49aac4f059e68b63eefe14af3aa253df7b1d6269fd735d637d1cfb417acea4cd3be495b5e91818084b63b969ad7659c6eb45bcf0a5
SSDEEP

24576:3Y4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9+:o3XZynV4oDabuWbDQOcIxJJ9+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2496	1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Loads dropped DLL 2 IoCs

pid	Process
2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe
2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe
2496	1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2496	2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe	28
PID 2904 wrote to memory of 2496	2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe	28
PID 2904 wrote to memory of 2496	2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe	28
PID 2904 wrote to memory of 2496	2904	8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe	28

C:\Users\Admin\AppData\Local\Temp\8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe
"C:\Users\Admin\AppData\Local\Temp\8b38c0c92ac1e0b4099febed95503a5d801bf8576f93efe8e58e718d72935afe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe
  C:\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Filesize
816KB

MD5
1ca95bdb155324174d4fc32346e12f0e

SHA1
f7e8960048c4a3f238b07359fc7417353fa6c4a3

SHA256
f9646e4f37d500c2ac18cf6290e81b8a189b64d722d6003e873aa32d6aec98f2

SHA512
9c52602c14d4dfc61250064a78b013aecce974dbc6acbd7cac848435c828d26c705b38ce58122c21535c6fbc82de31536830e760619743e38dd121763d212ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Filesize
816KB

MD5
1ca95bdb155324174d4fc32346e12f0e

SHA1
f7e8960048c4a3f238b07359fc7417353fa6c4a3

SHA256
f9646e4f37d500c2ac18cf6290e81b8a189b64d722d6003e873aa32d6aec98f2

SHA512
9c52602c14d4dfc61250064a78b013aecce974dbc6acbd7cac848435c828d26c705b38ce58122c21535c6fbc82de31536830e760619743e38dd121763d212ea0

Download Submit
\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Filesize
816KB

MD5
1ca95bdb155324174d4fc32346e12f0e

SHA1
f7e8960048c4a3f238b07359fc7417353fa6c4a3

SHA256
f9646e4f37d500c2ac18cf6290e81b8a189b64d722d6003e873aa32d6aec98f2

SHA512
9c52602c14d4dfc61250064a78b013aecce974dbc6acbd7cac848435c828d26c705b38ce58122c21535c6fbc82de31536830e760619743e38dd121763d212ea0

Download Submit
\Users\Admin\AppData\Local\Temp\1D0B0E0A120B156A155C15A0E0F160A0F160D.exe

Filesize
816KB

MD5
1ca95bdb155324174d4fc32346e12f0e

SHA1
f7e8960048c4a3f238b07359fc7417353fa6c4a3

SHA256
f9646e4f37d500c2ac18cf6290e81b8a189b64d722d6003e873aa32d6aec98f2

SHA512
9c52602c14d4dfc61250064a78b013aecce974dbc6acbd7cac848435c828d26c705b38ce58122c21535c6fbc82de31536830e760619743e38dd121763d212ea0

Download Submit
memory/2496-13-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2496-14-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2496-12-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2904-0-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2904-1-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download
memory/2904-10-0x0000000000400000-0x00000000005AD000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads