Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/02/2024, 03:10

General

  • Target

    ad8a07c2d7f23ccc50e6691b934e7a1b.exe

  • Size

    389KB

  • MD5

    ad8a07c2d7f23ccc50e6691b934e7a1b

  • SHA1

    4a1083ccdb8973f83b9b6d7afa81796e0d8af679

  • SHA256

    e763eed681cebe84674824a0486f0a56673d60fe43960b1a5ba70aec5d025d8d

  • SHA512

    bd07adb4403f051536aa9a59d2416a1b28158642c7ae6fb0110640014c7f2071fc47b7601f5f856927255a9844a75d477a890f058338b9a4f381123d07c9083e

  • SSDEEP

    6144:grGYselHBo0ZzIoXRlHuIqMbvnb/wKemHg1BakKJz2+Dwfi+a8AD/XoAupX7O7:c5hxH3OXQbTeKkKJzFDAil86/XRCG

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad8a07c2d7f23ccc50e6691b934e7a1b.exe
    "C:\Users\Admin\AppData\Local\Temp\ad8a07c2d7f23ccc50e6691b934e7a1b.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:860
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220
      2⤵
      • Program crash
      PID:2456
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 140
      2⤵
      • Program crash
      PID:368
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 860 -ip 860
    1⤵
      PID:548
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 860 -ip 860
      1⤵
        PID:1168

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads