Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 08:19
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
Resource: win7-20231215-en
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
Resource: win10v2004-20231215-en
4 signatures, 150 seconds
General
Target: SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
Size: 1.6MB
MD5: bcd129c155913f312e118fb5e7ffbfb7
SHA1: 791a17089dce418ff8fc6ad0d8e7179694550824
SHA256: aa234ac55a093e0d180c69b38df96f963a4c04c61993b30278cf3d2df19f6d18
SHA512: e6517c98a457416b3b4eb5635e737375ab47a54e7f86d31dccf246de0e600dd164527e39dbc943724845cacc51e5ed4fdefd186e10c3093bb38258be717f79a8
SSDEEP: 49152:H6F8mYM39YFW9ujKdQW8GVjDmQG0ZYdAr:HW0WTdQAm2
Score: 7/10
Malware Config
Signatures
- yara_rule vmprotect matched on memory dumps (4 IoCs; each row is resource, yara_rule)
  behavioral1/memory/2992-0-0x0000000000400000-0x000000000071C000-memory.dmp, vmprotect
  behavioral1/memory/2992-3-0x0000000000400000-0x000000000071C000-memory.dmp, vmprotect
  behavioral1/memory/2992-14-0x0000000000400000-0x000000000071C000-memory.dmp, vmprotect
  behavioral1/memory/2992-15-0x0000000000400000-0x000000000071C000-memory.dmp, vmprotect
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC; the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a standard anti-debugging step)
  pid 2992, process SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC; process listing, often used to look for analysis tools, but also by benign software)
  pid 2992, process SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
- Suspicious use of SetWindowsHookEx (2 IoCs; window hooks can capture input or load a DLL into other processes, but GUI frameworks install them too)
  pid 2992, process SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
  pid 2992, process SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
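The yara_rule and pid/Process cells in the Signatures section above are flattened table cells: one string per signature holding several match rows. As an added example, not part of this sandbox report or of the sandbox's own tooling, the Python below parses those cells into structured records, groups the VMProtect hits by memory region, and recomputes the per-signature IoC counts and the total signature count so they can be checked against the "4 signatures" stated for behavioral1. The row strings are copied from this report; the regular expressions, field names and the `summarize` output layout are this example's own assumptions about the cell format.

```python
import re
from collections import defaultdict

# Rows copied from the Signatures section of this report (yara_rule column).
YARA_ROWS = [
    "behavioral1/memory/2992-0-0x0000000000400000-0x000000000071C000-memory.dmp vmprotect",
    "behavioral1/memory/2992-3-0x0000000000400000-0x000000000071C000-memory.dmp vmprotect",
    "behavioral1/memory/2992-14-0x0000000000400000-0x000000000071C000-memory.dmp vmprotect",
    "behavioral1/memory/2992-15-0x0000000000400000-0x000000000071C000-memory.dmp vmprotect",
]

# (signature name, "pid Process" cell) pairs copied from the same section.
IOC_ROWS = [
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     "2992 SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe"),
    ("Suspicious behavior: EnumeratesProcesses",
     "2992 SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe"),
    ("Suspicious use of SetWindowsHookEx",
     "2992 SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe "
     "2992 SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe"),
]

# Assumed layout of a memory-dump resource name:
#   <task>/memory/<pid>-<dump seq>-0x<start>-0x<end>-memory.dmp <rule>
DUMP_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)
# A "pid Process" cell is one or more "<pid> <image name>" pairs run together.
PID_PROC_RE = re.compile(r"(\d+)\s+(\S+)")


def parse_yara_row(row):
    """Split one memory-dump yara match into fields; addresses become ints."""
    m = DUMP_RE.match(row.strip())
    if m is None:
        raise ValueError(f"unrecognised yara row: {row!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {row!r}")
    return {
        "task": m["task"], "pid": int(m["pid"]), "seq": int(m["seq"]),
        "start": start, "end": end, "size": end - start, "rule": m["rule"],
    }


def parse_ioc_row(cell):
    """Expand a 'pid Process' cell into (pid, image) tuples, one per IoC."""
    return [(int(pid), proc) for pid, proc in PID_PROC_RE.findall(cell)]


def summarize(yara_rows, ioc_rows):
    """Group yara hits by (task, pid, rule, region) and count IoCs per signature."""
    hits = [parse_yara_row(r) for r in yara_rows]
    regions = defaultdict(list)
    for h in hits:
        regions[(h["task"], h["pid"], h["rule"], h["start"], h["end"])].append(h["seq"])
    iocs = {name: parse_ioc_row(cell) for name, cell in ioc_rows}
    # Every PID seen anywhere; a single value means all hits are one process.
    pids = {h["pid"] for h in hits} | {pid for v in iocs.values() for pid, _ in v}
    return {
        "regions": {k: sorted(v) for k, v in regions.items()},
        "ioc_counts": {name: len(v) for name, v in iocs.items()},
        # distinct yara rules + distinct behavioural signatures
        "signature_count": len({h["rule"] for h in hits}) + len(iocs),
        "pids": sorted(pids),
    }


if __name__ == "__main__":
    s = summarize(YARA_ROWS, IOC_ROWS)
    for (task, pid, rule, start, end), seqs in s["regions"].items():
        print(f"{task} pid {pid} rule {rule}: 0x{start:X}-0x{end:X} "
              f"({end - start:#x} bytes) in dumps {seqs}")
    for name, n in s["ioc_counts"].items():
        print(f"{n} IoC(s): {name}")
    print("signatures:", s["signature_count"], "pids:", s["pids"])
```

On this report the four yara hits collapse to one region, 0x400000-0x71C000 (0x31C000 bytes), seen in dumps 0, 3, 14 and 15 of PID 2992: the rule keeps firing on the sample's own image mapping (0x400000 is the default image base of a 32-bit PE) rather than on a separately allocated region, and every behavioural IoC points at that same PID. Grouping the rows this way is what tells you the sandbox found the packer stub still mapped, not an unpacked payload to carve out of the dumps.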
Processes
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Bulz.164478.2339.9664.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2992