Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
22/12/2023, 00:21
Behavioral task
behavioral1
Sample
34db792b967c14136b90f68945f1eb3b.exe
Resource
win7-20231215-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
34db792b967c14136b90f68945f1eb3b.exe
Resource
win10v2004-20231215-en
3 signatures
150 seconds
General
-
Target
34db792b967c14136b90f68945f1eb3b.exe
-
Size
6.0MB
-
MD5
34db792b967c14136b90f68945f1eb3b
-
SHA1
2f8d743fff74a46467776050b7ae27c118c6502e
-
SHA256
d57cbbe1dffc12f734c4b3dc4c87b65daa83bc651c4d513f2f9643c6614e1639
-
SHA512
5ea85f17bc8f690bb1910dee66fc313fa239e420e8abc952eaa621d50fb860584677be7958fe3a0e74d2a49f2e33d4a73d4715baaec9da61f0d2b78fdb47f0ec
-
SSDEEP
98304:6wv9G12w5d/u5A5tfznVl8233OSVbKjjeFdJ/1uxMuNfp8MHNIMELACpokDWyqr5:6w22mUA5tfplduymjjezJtCMQBdH2MEC
Score
7/10
Malware Config
Signatures
-
resource    yara_rule
behavioral1/memory/2252-11-0x000000013F190000-0x000000013FC01000-memory.dmp    vmprotect
behavioral1/memory/2252-16-0x000000013F190000-0x000000013FC01000-memory.dmp    vmprotect
behavioral1/memory/2252-0-0x000000013F190000-0x000000013FC01000-memory.dmp    vmprotect
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid     Process
2252    34db792b967c14136b90f68945f1eb3b.exe
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid     Process
2252    34db792b967c14136b90f68945f1eb3b.exe