Analysis
max time kernel: 149s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-12-2023 01:08
Behavioral tasks
Behavioral task  Sample         Resource
behavioral1      /Client.exe    win7-20231215-en
behavioral2      /Client.exe    win10v2004-20231215-en
behavioral3      /getsetup.exe  win7-20231215-en
behavioral4      /getsetup.exe  win10v2004-20231215-en
behavioral5      /getsetup.hb   ubuntu1804-amd64-20231222-en
behavioral6      /ƶ_C.exe       win7-20231215-en
behavioral7      /ƶ_C.exe       win10v2004-20231222-en
General
Target: /Client.exe
Size: 2.0MB
MD5: 9b3ea601933ce069356088d3a2359848
SHA1: aa50484edd009f8ebf8d7c8ad98c66a219a26432
SHA256: ca365663bfe424c2c093be6ab5dee4b64980c7eaaabf9a4be3c868eb8436ad94
SHA512: 89a2fee47794eae951ce1dbf06c3ff8e7f1a6ecf7a9aa172a53c6533be0cafaf47bff668e88c4f4483f68dd96a3047798c1c1a58081ae9de60cc657192733992
SSDEEP: 49152:ljm4F8QcV1CglPiQLhmU6T+JngKi5MHcB9RfRoRsxZWcvQb:HFZcpPikJJgfM8B9RS2xP4
Malware Config
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes: Client.exe
pid   process
4696  Client.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: Client.exe
pid   process
4696  Client.exe
4696  Client.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: Client.exe
pid   process
4696  Client.exe
4696  Client.exe
Processes
Network
MITRE ATT&CK Matrix
Downloads
File                                                         Filesize
memory/4696-0-0x0000000000400000-0x00000000008BA000-memory.dmp  4.7MB
memory/4696-1-0x0000000000400000-0x00000000008BA000-memory.dmp  4.7MB
memory/4696-4-0x0000000077A00000-0x0000000077A01000-memory.dmp  4KB
memory/4696-5-0x0000000000400000-0x00000000008BA000-memory.dmp  4.7MB