Overview

overview

8

Static

static

3

a0b53d45cb...0c.exe

windows7-x64

8

a0b53d45cb...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-02-2024 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0b53d45cbda284994b819c8cd10530c.exe

  • Size

    6.1MB

  • MD5

    a0b53d45cbda284994b819c8cd10530c

  • SHA1

    5434413b722c4d66453d8ea234b7ef560cd8ec67

  • SHA256

    2ebb208b3eee8ae5e2408617799ad37c87fa0eb5c020bedd25b1c0ce801ca70b

  • SHA512

    0bf484d302b90af055ec17f15ae140b4001b00a04c0cf3a53e7201f9e67621df7a8d4fd1f6ec432a0ea3654ebedc362e4e914f758969071fe281b84abf6f6c04

  • SSDEEP

    196608:kdWGuWW+1JQTHd0BGN0koepw1RygUGdlWV/MH1Vxz:uWGeAJQ50y/0eMV

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    "C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
      C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    Filesize

    3.0MB

    MD5

    94f14bf026de0a27c1a56624298f7310

    SHA1

    681bfb7105f7cc1163131358a3bc289f0d16ea4f

    SHA256

    22b0e5b56925d17eeb7b7dc0026d2cca624942edfef202f07bc61b8940403423

    SHA512

    2aba8b72183cb58d78002760aa80a05ab4b6e03dc9df632a7f869ff4b61301e038552efcfb39aa911d5a06d498956dfb4decf6f16c1c84910e9c66fd92218f45

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a0b53d45cbda284994b819c8cd10530c.exe
    Filesize

    2.4MB

    MD5

    acf7713088657e49bea9c77f814744b9

    SHA1

    f5f858c50822fa8ac2322ae5e92fceeec0fe901d

    SHA256

    7231ca18330485ca2c5cf0008641c685fce4662106b3a4ff29554f897075069e

    SHA512

    54a6ef76b73905c01525962e57dc99cf02844c44b22b4c2f7f478b2edbc947f2e6dbd008e04bc83f30ec9c5ce0ad9c631d9b84d12773d070bd3443d32dcab2ff

    Download Submit

  • memory/1548-5-0x0000000000400000-0x0000000000AEB000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1548-7-0x0000000000400000-0x0000000000AEB000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1792-0-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/1792-4-0x0000000000400000-0x0000000000AFC000-memory.dmp

    Filesize

    7.0MB

    Download