12883b3662e2f95a1bac4487e12e425092edcd5e1ae893781ed3e4b7b755fed4

Analysis

max time kernel
156s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2024 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ec2f4a9ecb8ec13d8e334358f4d1582.exe
Size

604KB
MD5

3ec2f4a9ecb8ec13d8e334358f4d1582
SHA1

ea3adfb6f4ad00a22f0bc053a0b13b0cbe58edf6
SHA256

12883b3662e2f95a1bac4487e12e425092edcd5e1ae893781ed3e4b7b755fed4
SHA512

5a840d857c6d637c8a1325119ff4eda9dd832215f6562c5a1d45750481173d659043273f9491b50ec9d70a91c639e2cb0d8e248ef8d2238da1d65133abf661d5
SSDEEP

12288:CrY7BXbuWqo0awIdcQP8O1Dtu3Mi5uBQNEJPUep7IMa:yYxbuWq8wTQUGDtcMiqgEJPUew

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe
1424	3ec2f4a9ecb8ec13d8e334358f4d1582.exe
2188	3ec2f4a9ecb8ec13d8e334358f4d1582.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 2188	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	95
PID 4460 wrote to memory of 2188	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	95
PID 4460 wrote to memory of 2188	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	95
PID 4460 wrote to memory of 1424	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	96
PID 4460 wrote to memory of 1424	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	96
PID 4460 wrote to memory of 1424	4460	3ec2f4a9ecb8ec13d8e334358f4d1582.exe	96

C:\Users\Admin\AppData\Local\Temp\3ec2f4a9ecb8ec13d8e334358f4d1582.exe
"C:\Users\Admin\AppData\Local\Temp\3ec2f4a9ecb8ec13d8e334358f4d1582.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:4460
- C:\Users\Admin\AppData\Local\Temp\3ec2f4a9ecb8ec13d8e334358f4d1582.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2188
- C:\Users\Admin\AppData\Local\Temp\3ec2f4a9ecb8ec13d8e334358f4d1582.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1424-20-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1424-14-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1424-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1424-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1424-10-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-11-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-19-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-15-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-13-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2188-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4460-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4460-12-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4460-5-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/4460-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4460-3-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/4460-2-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/4460-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads