Overview

overview

5

Static

static

1

37e0d08c67...2d.exe

windows7-x64

5

37e0d08c67...2d.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 19:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    37e0d08c67a17153a7d187e17fcf3d2d.exe

  • Size

    1.5MB

  • MD5

    37e0d08c67a17153a7d187e17fcf3d2d

  • SHA1

    521394ba8fcd9ac69989f822df75650c13744210

  • SHA256

    1157fe44f9d035a26428212e7f21bfac88b06d144152332e065f22d20da7e42a

  • SHA512

    a9498c7233db5fde011719a6f9414a58e9ffcd1b12355d72b89158033f9129a6800c422b1d15ddb7fd7685b4c2ecadcb3b5974b91172ef4ba6ffdf1ff47ac7cc

  • SSDEEP

    24576:aR+5XQdObF2xWgoCijVHy+y9WDcmWRWpvrIXDMVA2HavlGXyHE3dPS2aJ9dF7XkH:rtQ0bFBjZtyUYm8AvrrX6dGXPrOd5XNW

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37e0d08c67a17153a7d187e17fcf3d2d.exe
    "C:\Users\Admin\AppData\Local\Temp\37e0d08c67a17153a7d187e17fcf3d2d.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5068
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 648
      2⤵
      • Program crash
      PID:1316
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 5068 -ip 5068
    1⤵
      PID:512

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/5068-0-0x0000000000400000-0x00000000007E7000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/5068-1-0x0000000000400000-0x00000000007E7000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/5068-3-0x0000000077520000-0x0000000077521000-memory.dmp

            Filesize

            4KB

            Download

          • memory/5068-4-0x0000000000400000-0x00000000007E7000-memory.dmp

            Filesize

            3.9MB

            Download