ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
23/11/2023, 11:06

Target

ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b.exe
Size

3.0MB
MD5

980600dadcd4035179bea20d1ef1c8ba
SHA1

1b410f9a58e1071c97eef91b66c1473e95f72fe2
SHA256

ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b
SHA512

ab54c6edc20a47c175d99365706406f5f69e750593449c6152d254019c2c4cf8def9c7f37139c4c65a4fbe65cba5b9d1a75cd3e873844fad632122ffdf0a0075
SSDEEP

49152:M50b+X3sG5+tu1OASuoI9CbXAsuvOm3RWcF3dtaSCrL:NbRGYtdIPPvp3R33dYr

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2136	ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b.exe

C:\Users\Admin\AppData\Local\Temp\ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b.exe
"C:\Users\Admin\AppData\Local\Temp\ff5fa79fb487868ed37281cc7891f22982429db2bf69d304e8c3ef2e3651d30b.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2136

memory/2136-0-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2136-1-0x0000000002470000-0x0000000002552000-memory.dmp

Filesize
904KB

Download
memory/2136-2-0x0000000000400000-0x0000000000848000-memory.dmp

Filesize
4.3MB

Download
memory/2136-3-0x0000000002470000-0x0000000002552000-memory.dmp

Filesize
904KB

Download