Analysis
-
max time kernel
144s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231201-en -
resource tags
-
submitted
08-12-2023 13:52
General
-
Target
a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe
-
Size
3.1MB
-
MD5
7dce839b7c21809203977d1f8e43652e
-
SHA1
97682e8ed74f6d72d651ca7b20538750fa888fe5
-
SHA256
a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983
-
SHA512
551a8bf284fcdf3adc600394cedbfcae86124f18176c2716191a997d84c7bc58bb682949b2a40aad3ced1f51e58eea77e98427e8e46cfcbf9131d5dc6b4c9c10
-
SSDEEP
49152:fYQN8qMwZZp7mPl8aKrz8IgrquVDQPwnXAUW8kB7PBu3OG0vrxUosE:f3drp7Y8lf8I50QP8AUW8U7P4km
Score
10/10
Malware Config
Signatures
-
Detected Ploutus loader 16 IoCs
-
Ploutus
Ploutus is an ATM malware written in C#.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe"C:\Users\Admin\AppData\Local\Temp\a6571aa00e008bfbaf6fd5643edf0013e351ea4d3a7d5e74d3389c9d0d3a9983.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1640-0-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-1-0x000000007EBD0000-0x000000007EFA1000-memory.dmpFilesize
3.8MB
-
memory/1640-2-0x0000000074BE0000-0x00000000752CE000-memory.dmpFilesize
6.9MB
-
memory/1640-3-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-4-0x0000000007870000-0x00000000078B0000-memory.dmpFilesize
256KB
-
memory/1640-5-0x0000000007870000-0x00000000078B0000-memory.dmpFilesize
256KB
-
memory/1640-6-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-7-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-8-0x000000007EBD0000-0x000000007EFA1000-memory.dmpFilesize
3.8MB
-
memory/1640-9-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-10-0x0000000074BE0000-0x00000000752CE000-memory.dmpFilesize
6.9MB
-
memory/1640-11-0x0000000007870000-0x00000000078B0000-memory.dmpFilesize
256KB
-
memory/1640-12-0x0000000007870000-0x00000000078B0000-memory.dmpFilesize
256KB
-
memory/1640-13-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-14-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-15-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-16-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-17-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-18-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-19-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-20-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-21-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-22-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-23-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB
-
memory/1640-24-0x00000000000E0000-0x0000000000C5A000-memory.dmpFilesize
11.5MB