12954da8d252fdb02bc2293a11804c701bc7e1ecd01fd4feb79d40300dd0e578 | Triage

Analysis

max time kernel
149s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 01:08

Sharing

Report Analysis Logs

General

Target

/Client.exe
Size

2.0MB
MD5

9b3ea601933ce069356088d3a2359848
SHA1

aa50484edd009f8ebf8d7c8ad98c66a219a26432
SHA256

ca365663bfe424c2c093be6ab5dee4b64980c7eaaabf9a4be3c868eb8436ad94
SHA512

89a2fee47794eae951ce1dbf06c3ff8e7f1a6ecf7a9aa172a53c6533be0cafaf47bff668e88c4f4483f68dd96a3047798c1c1a58081ae9de60cc657192733992
SSDEEP

49152:ljm4F8QcV1CglPiQLhmU6T+JngKi5MHcB9RfRoRsxZWcvQb:HFZcpPikJJgfM8B9RS2xP4

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Client.exe

pid process

4696 Client.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Client.exe

pid process

4696 Client.exe
4696 Client.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

Client.exe

pid process

4696 Client.exe
4696 Client.exe

C:\Users\Admin\AppData\Local\Temp\\Client.exe
"C:\Users\Admin\AppData\Local\Temp\\Client.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4696-0-0x0000000000400000-0x00000000008BA000-memory.dmp

Filesize
4.7MB

Download
memory/4696-1-0x0000000000400000-0x00000000008BA000-memory.dmp

Filesize
4.7MB

Download
memory/4696-4-0x0000000077A00000-0x0000000077A01000-memory.dmp

Filesize
4KB

Download
memory/4696-5-0x0000000000400000-0x00000000008BA000-memory.dmp

Filesize
4.7MB

Download