3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
Size

5.5MB
MD5

e17a264b52400a5719e44a9d4ab258d4
SHA1

2ca876d3f3d1f89e1b25d4c128fe4eb85be789d1
SHA256

3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb
SHA512

ffe255ca55bad4a6a7087afbd8989ef9279c11b4a5b945e19ed0852fb41df5ba2b1bb001bd09c219df6cf780fa7d5f739a55f78c8055261c780ea711d9ae46f1
SSDEEP

98304:JwfMNHfhCxKnq+NaSt0TfCP158+VnlEPmvQ06aZeaNJ/Zd8rv:9ZPNaeGYy+VnlXvQMZP8

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
Token: SeDebugPrivilege	2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2108	3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe

C:\Users\Admin\AppData\Local\Temp\3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe
"C:\Users\Admin\AppData\Local\Temp\3c86a10628ee4d69fe6da33eba87576a9edf3637e284745c94b1a4c3a8be86eb.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2108-0-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2108-2-0x0000000000400000-0x0000000000996000-memory.dmp

Filesize
5.6MB

Download
memory/2108-3-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2108-5-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2108-6-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2108-8-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2108-10-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2108-13-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2108-15-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2108-18-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2108-20-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2108-23-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2108-25-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2108-28-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2108-30-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2108-31-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2108-33-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2108-35-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2108-38-0x000000006D430000-0x000000006D440000-memory.dmp

Filesize
64KB

Download
memory/2108-39-0x0000000002720000-0x00000000027FC000-memory.dmp

Filesize
880KB

Download
memory/2108-43-0x000000006D430000-0x000000006D440000-memory.dmp

Filesize
64KB

Download
memory/2108-47-0x000000006D430000-0x000000006D440000-memory.dmp

Filesize
64KB

Download
memory/2108-51-0x00000000774F0000-0x00000000774F2000-memory.dmp

Filesize
8KB

Download
memory/2108-57-0x00000000774F0000-0x00000000774F1000-memory.dmp

Filesize
4KB

Download
memory/2108-59-0x0000000000400000-0x0000000000996000-memory.dmp

Filesize
5.6MB

Download
memory/2108-76-0x0000000000400000-0x0000000000996000-memory.dmp

Filesize
5.6MB

Download