10a11d014c580c6a9ae147a7fb4e4908d1c09ce516c0a029b7fbf42c3e6001c6

Analysis

max time kernel
50s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cdec59fa46f548da9d0cfb3f92973a0.exe
Size

607KB
MD5

2cdec59fa46f548da9d0cfb3f92973a0
SHA1

267db648c68f0db62237820a9e8e0efae80c433d
SHA256

10a11d014c580c6a9ae147a7fb4e4908d1c09ce516c0a029b7fbf42c3e6001c6
SHA512

923ae5e6ca8aed2de9c9f81a86b97cecf7d34af10dbf7c67c1ad36d61fe126faae401f83160c604ccfca2bfcae9048ebf54246f6bca7e23cfd300e517dbec5bf
SSDEEP

12288:/LqXb0DFaVoRjMpwfNn7XWt3KO1Dtu3Mi5fCdFhAtCgSA0PMR:PAqMpwFOaGDtcMilCzhcCgS7S

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
4112	2cdec59fa46f548da9d0cfb3f92973a0.exe
3564	2cdec59fa46f548da9d0cfb3f92973a0.exe
4356	2cdec59fa46f548da9d0cfb3f92973a0.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 3564	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	91
PID 4112 wrote to memory of 3564	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	91
PID 4112 wrote to memory of 3564	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	91
PID 4112 wrote to memory of 4356	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	90
PID 4112 wrote to memory of 4356	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	90
PID 4112 wrote to memory of 4356	4112	2cdec59fa46f548da9d0cfb3f92973a0.exe	90

C:\Users\Admin\AppData\Local\Temp\2cdec59fa46f548da9d0cfb3f92973a0.exe
"C:\Users\Admin\AppData\Local\Temp\2cdec59fa46f548da9d0cfb3f92973a0.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Users\Admin\AppData\Local\Temp\2cdec59fa46f548da9d0cfb3f92973a0.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4356
- C:\Users\Admin\AppData\Local\Temp\2cdec59fa46f548da9d0cfb3f92973a0.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3564-5-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3564-16-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3564-14-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3564-9-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3564-12-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4112-8-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4112-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4112-20-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4112-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4112-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4112-3-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/4112-2-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-6-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-10-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-15-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-11-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/4356-17-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-19-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/4356-13-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads