Analysis
- max time kernel: 117s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 08-12-2023 08:26
Static task: static1
Behavioral task: behavioral1
- Sample: eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe
- Resource: win10v2004-20231127-en
General
- Target: eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe
- Size: 1.0MB
- MD5: 1d17fe888acd6925aea0873f960c1ef9
- SHA1: ee25912e968672ea0fc86afae694934d85b95b7c
- SHA256: eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160
- SHA512: eef7e546886aa9280ba9be406a767d09ec6886f58fc90f4802ec4f4749b99f171f280f5a8c4493dde746a1d84c61f772cf2fddc62a1ca2b5f63919386880be42
- SSDEEP: 24576:KOZfhw007QHFaPQlcr4mrO9oSxPi2qvOwBrDqi:19eelrc4mrjSxq2WfH
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  Processes: pid 2924, eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe
- Suspicious use of NtSetInformationThreadHideFromDebugger (14 IoCs)
  Processes: pid 2924, eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe (14 occurrences, all from the same process)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: pid 2924, eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe; Token: SeDebugPrivilege
Processes
- C:\Users\Admin\AppData\Local\Temp\eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\eb8d529d8bfef2490cac29b9164747a20b7b35f5d9c95d804f35063b89ced160.exe"
  Signatures:
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- \Users\Admin\AppData\Local\Temp\XWRtm00_{FC471E17-C53A-2AF8-0237-CDC69D5167C3}.dll
  Filesize: 113KB
  MD5: f45589ea62da9fc470776bb40bae1f7e
  SHA1: 19f81b3070c94bc00f19048e8c77963a054a302a
  SHA256: 4fc73ae9743794896c04e4391f32d52de8a0323a1507bc9dc4a3b5df2035f180
  SHA512: e0e7d21acce68deb159f3a811b12f16ed66c3bdbcda26374abed2bae9ba3d1c9f6e246cf7bf4b28f25f35f4d6c3b0c9cbc1141152a3a6d53edd8384cf29d1a4c
- memory/2924-0-0x000000013F9F0000-0x000000013FAF8000-memory.dmp
  Filesize: 1.0MB
- memory/2924-1-0x000007FEF5720000-0x000007FEF610C000-memory.dmp
  Filesize: 9.9MB
- memory/2924-2-0x000000001B2A0000-0x000000001B376000-memory.dmp
  Filesize: 856KB
- memory/2924-3-0x000000013FAD5000-0x000000013FAD6000-memory.dmp
  Filesize: 4KB
- memory/2924-18-0x000007FEF5720000-0x000007FEF610C000-memory.dmp
  Filesize: 9.9MB