Analysis
max time kernel
157s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
21/12/2023, 21:49
Behavioral task
behavioral1
Sample
0653a11e9915e895339ae0b1e1b4b15b.exe
Resource
win7-20231215-en
11 signatures
150 seconds
General
Target
0653a11e9915e895339ae0b1e1b4b15b.exe
Size
11.5MB
MD5
0653a11e9915e895339ae0b1e1b4b15b
SHA1
962de23709fb251081bcfe0c823199e2904fd9ce
SHA256
0d22dd434899945a1d3c38e17dbf83a2dae6296ec094c273b2f10a0cc7767fc3
SHA512
04d0aaef6b8bee9bdde2e74144c9a9d272bd1d5e738324b8b0ce73a305865ac557f653ac097a451490b8151ec0aef27cea9ed121338374dfc37d974fcc89480c
SSDEEP
196608:5ObMJg6Xo+aKw5D2lAWdLFJhJL9UDA8Ea/jlnMTdgNgMPlCzxP9:UIFXoP/DZgrhJLpi/xMTd9m2xP9
Malware Config
Signatures
resource yara_rule behavioral2/memory/4696-4-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-5-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-8-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-6-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-10-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-12-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-15-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-17-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-19-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-21-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-23-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-25-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-28-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-30-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-32-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-34-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-36-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-39-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-42-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-44-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-46-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-48-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-50-0x0000000010000000-0x000000001003F000-memory.dmp upx behavioral2/memory/4696-51-0x0000000010000000-0x000000001003F000-memory.dmp upx 
behavioral2/memory/4696-59-0x0000000010000000-0x000000001003F000-memory.dmp upx -
resource yara_rule behavioral2/memory/4696-0-0x0000000000400000-0x0000000000FBF000-memory.dmp vmprotect behavioral2/memory/4696-1-0x0000000000400000-0x0000000000FBF000-memory.dmp vmprotect behavioral2/memory/4696-26-0x0000000000400000-0x0000000000FBF000-memory.dmp vmprotect behavioral2/memory/4696-53-0x0000000003AE0000-0x0000000004154000-memory.dmp vmprotect behavioral2/memory/4696-54-0x0000000003AE0000-0x0000000004154000-memory.dmp vmprotect behavioral2/memory/4696-60-0x0000000003AE0000-0x0000000004154000-memory.dmp vmprotect -
Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the ThreadHideFromDebugger information class hides the calling thread from an attached debugger) 1 IoCs
pid Process 4696 0653a11e9915e895339ae0b1e1b4b15b.exe -
Suspicious behavior: EnumeratesProcesses (repeated enumeration of running processes by the same PID) 64 IoCs
pid Process 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 
0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe 4696 0653a11e9915e895339ae0b1e1b4b15b.exe