Overview

overview

7

Static

static

3

0ea929833e...3c.exe

windows7-x64

7

0ea929833e...3c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/11/2023, 01:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0ea929833e47ad83539229a38b45223b58fc355271268befc9c6a914eee1933c.exe

  • Size

    816KB

  • MD5

    274dfec4b7a7702a5bfe83d88b77c3e9

  • SHA1

    278cd43618dd43ecf400a61505e0b2bb4bb3f636

  • SHA256

    0ea929833e47ad83539229a38b45223b58fc355271268befc9c6a914eee1933c

  • SHA512

    bfa6222e6bdf0e5cdaf0fc08b7d872e2b6e7f65681a4b45ab3d27377bff5d312a7ae5a54452c3fd064996e30d654d169812dde1c3252672da891a8ad7d2b2fc5

  • SSDEEP

    24576:IY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9+:V3XZynV4oDabuWbDQOcIxJJ9+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ea929833e47ad83539229a38b45223b58fc355271268befc9c6a914eee1933c.exe
    "C:\Users\Admin\AppData\Local\Temp\0ea929833e47ad83539229a38b45223b58fc355271268befc9c6a914eee1933c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Users\Admin\AppData\Local\Temp\1D0A0F0D120A156B155C15D0B0C160D0A160B.exe
      C:\Users\Admin\AppData\Local\Temp\1D0A0F0D120A156B155C15D0B0C160D0A160B.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:244

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1D0A0F0D120A156B155C15D0B0C160D0A160B.exe
          Filesize

          816KB

          MD5

          cffd2490dd13d13d2e71c2d6fd1e94ad

          SHA1

          f98b2e87c254ac7196392ad5348809b9b16f4239

          SHA256

          d59c0af221a580d9081f4f4db528d237a50f2a0a7429c9eb42f4d099d66def41

          SHA512

          0ef9c654df57ddc5eefe51f865c5919d8e4fbd6ecd9c8617e43867d0489d93dc745987917014a3dc2dc74541fd4a6baf1953f7e2a1b3ab45a0f3828000d43ac1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\1D0A0F0D120A156B155C15D0B0C160D0A160B.exe
          Filesize

          816KB

          MD5

          cffd2490dd13d13d2e71c2d6fd1e94ad

          SHA1

          f98b2e87c254ac7196392ad5348809b9b16f4239

          SHA256

          d59c0af221a580d9081f4f4db528d237a50f2a0a7429c9eb42f4d099d66def41

          SHA512

          0ef9c654df57ddc5eefe51f865c5919d8e4fbd6ecd9c8617e43867d0489d93dc745987917014a3dc2dc74541fd4a6baf1953f7e2a1b3ab45a0f3828000d43ac1

          Download Submit

        • memory/244-8-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/244-10-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/244-12-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1580-0-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1580-1-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1580-2-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1580-9-0x0000000000400000-0x00000000005AD000-memory.dmp

          Filesize

          1.7MB

          Download