Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02-03-2024 22:33
Static task
static1: 1 signatures
Behavioral task
behavioral1: sample free.exe, resource win7-20240221-en (windows7-x64), 4 signatures, 150 seconds
General
Target: free.exe
Size: 6.2MB
MD5: cfed224f0e753bf34b8bffabfba8479c
SHA1: bcee57728c634793c6052014b796805e5228507c
SHA256: 57a5f69ecb165f207619bd57d9e90d9bffe9fce42aaf791480d8e33174044411
SHA512: 1eee0590536bf57cc5900b6feaf9a0f266bdb7ad920b78caa6a891d79127ec02300e3e673feb5e61bcd4538d2def4ce3383cdb17a10178e4694818dd3dafbb14
SSDEEP: 98304:ljqCvkjEYbpWmvDRIG2tBUTB0l6eCFyQ6RjE9jFe9yTsSg2LFDwbiUoI9GM67SKj:ljejbxyBo0l6RPTe9EvLFEirMT7e
Malware Config
Signatures
Drops file in Drivers directory (3 IoCs)
Processes: free.exe
  File created: C:\Windows\System32\drivers\sdfdgfsg.txt (process: free.exe)
  File created: C:\Windows\System32\drivers\gfdgfd.txt (process: free.exe)
  File created: C:\Windows\System32\drivers\fgdfd.txt (process: free.exe)
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
Processes: free.exe
  pid 1468, process free.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: free.exe
  pid 1468, process free.exe
  pid 1468, process free.exe