Analysis

max time kernel: 143s
max time network: 150s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 13/01/2024, 00:00

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 5772e6f313ca3a6539f0c6031a92f716.exe
  Resource: win7-20231215-en
  5 signatures, 150 seconds
General

Target: 5772e6f313ca3a6539f0c6031a92f716.exe
Size: 2.2MB
MD5: 5772e6f313ca3a6539f0c6031a92f716
SHA1: 6e20c2220a05c8cf65669c92752f234ea15b42e0
SHA256: 6399d04f2077b45702de8c54e39352e39113f5b2300dcf049d97a7269c16b6cb
SHA512: 19b3d0de2df13dfe8424d632e60ae7d086c56f926e2950e2b22d2574b00b5aaec32b21235f4488adb32b050f0ee1ab8d1ee1807c0f2269342e2bb729d92629e3
SSDEEP: 49152:x3I1msZAd2Yu7a4cQDh5Awo7OoPrHMQJa2mbmqaH71eYqhaZG:x+msSsYu7a7QDh5ApPsQY2mKBJGh
Malware Config
Signatures

SectopRAT payload (17 IoCs)
All 17 hits are memory dumps of the same region of PID 2032 (0x3C0000-0xCF8000), taken at dump indices 3, 4, 6, 7, 8 and 12 through 23.

resource                                                                   yara_rule
behavioral1/memory/2032-3-0x00000000003C0000-0x0000000000CF8000-memory.dmp   family_sectoprat
behavioral1/memory/2032-4-0x00000000003C0000-0x0000000000CF8000-memory.dmp   family_sectoprat
behavioral1/memory/2032-6-0x00000000003C0000-0x0000000000CF8000-memory.dmp   family_sectoprat
behavioral1/memory/2032-7-0x00000000003C0000-0x0000000000CF8000-memory.dmp   family_sectoprat
behavioral1/memory/2032-8-0x00000000003C0000-0x0000000000CF8000-memory.dmp   family_sectoprat
behavioral1/memory/2032-12-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-13-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-14-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-15-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-16-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-17-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-18-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-19-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-20-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-21-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-22-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
behavioral1/memory/2032-23-0x00000000003C0000-0x0000000000CF8000-memory.dmp  family_sectoprat
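The memory-dump resource names above encode the process, dump index and address range of each YARA hit. The following Python script is an added example, not part of the sandbox report: it parses those names, groups hits by (task, pid, region, rule) and reports how large each flagged region is and how many dumps matched, which is the first thing an analyst wants before pulling a single dump for carving. The regular expression reflects the naming pattern visible on this page (`<task>/memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp`) and is an assumption about how other reports are named; the IoC lines embedded in the script are copied from the signature block above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# The 17 SectopRAT IoC lines copied from the signature block of this report.
IOC_LINES = """
behavioral1/memory/2032-3-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-4-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-6-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-7-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-8-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-12-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-13-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-14-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-15-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-16-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-17-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-18-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-19-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-20-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-21-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-22-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
behavioral1/memory/2032-23-0x00000000003C0000-0x0000000000CF8000-memory.dmp family_sectoprat
""".strip().splitlines()

# Assumed naming pattern, derived from the names visible in this report:
#   <task>/memory/<pid>-<dump index>-0x<start>-0x<end>-memory.dmp <yara rule>
DUMP_RE = re.compile(
    r"^(?P<task>\w+)/memory/(?P<pid>\d+)-(?P<idx>\d+)-"
    r"0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp\s+(?P<rule>\S+)$"
)


@dataclass(frozen=True)
class Region:
    """One flagged address range in one process; hashable so it can key a dict."""
    task: str
    pid: int
    start: int
    end: int
    rule: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_iocs(lines):
    """Group IoC lines by region; returns {Region: sorted list of dump indices}."""
    hits = defaultdict(list)
    for line in lines:
        m = DUMP_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        region = Region(
            task=m["task"],
            pid=int(m["pid"]),
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            rule=m["rule"],
        )
        hits[region].append(int(m["idx"]))
    return {r: sorted(idxs) for r, idxs in hits.items()}


def summarize(hits):
    """Render one human-readable line per distinct flagged region."""
    lines = []
    for r, idxs in hits.items():
        lines.append(
            f"{r.task} pid {r.pid}: {r.rule} in 0x{r.start:X}-0x{r.end:X} "
            f"({r.size / (1024 * 1024):.1f} MiB, {r.size} bytes), "
            f"{len(idxs)} dumps, indices {idxs}"
        )
    return lines


if __name__ == "__main__":
    for line in summarize(parse_iocs(IOC_LINES)):
        print(line)
```

For this report the script collapses the 17 hits into a single region of 0x938000 bytes (about 9.2 MiB) in PID 2032, matched in 17 consecutive-ish dumps. That region is roughly four times the 2.2 MB size of the file on disk, which is worth noting before picking a dump: the YARA rule is matching something materialised in memory rather than the original image as mapped, so the earliest matching dump (index 3) is the natural one to extract for further static analysis.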
Suspicious use of NtSetInformationThreadHideFromDebugger (15 IoCs)
NtSetInformationThread with the ThreadHideFromDebugger information class (0x11); a thread marked this way no longer delivers debug events, so a debugger attached to the process loses sight of it. The call was observed 15 times from the same process.

pid   Process
2032  5772e6f313ca3a6539f0c6031a92f716.exe (15 occurrences)
Suspicious use of AdjustPrivilegeToken (1 IoC)
The process enabled SeDebugPrivilege in its own token, which lets it open other processes regardless of their DACL.

description               pid   Process
Token: SeDebugPrivilege   2032  5772e6f313ca3a6539f0c6031a92f716.exe
Suspicious use of SetWindowsHookEx (1 IoC)
The report records only that a Windows message hook was installed, not the hook type or whether it was global; keystroke capture and DLL injection are the usual reasons, but that cannot be confirmed from this entry alone.

pid   Process
2032  5772e6f313ca3a6539f0c6031a92f716.exe