Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 01:04

General

  • Target

    b363b473b5e2262c0ffdd5f5786402ad.exe

  • Size

    248KB

  • MD5

    b363b473b5e2262c0ffdd5f5786402ad

  • SHA1

    b9e983d9fba87ab19e3b8942918a3dd4783ee9c4

  • SHA256

    fd26d0653a47e24c6373096fe3d413d2f86ade515b4100a425283045b56ed3ca

  • SHA512

    af2a089bb5f5a5fca391d9e90d29fb9347badae3d8b6c23711f877ef7efad2e888df2b8415dbe895f457990ca0822983ba8d6e56ae44633664a509c5d618a3c8

  • SSDEEP

    6144:wMAG+etgKfz8LeSC1EbTLCpJqCx3P9UWcIN7686WbN:tANetgKr8LJ9bTLCjqCxf9U6NW2

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b363b473b5e2262c0ffdd5f5786402ad.exe
    "C:\Users\Admin\AppData\Local\Temp\b363b473b5e2262c0ffdd5f5786402ad.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2076
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
      2⤵
      • Program crash
      PID:728
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 152
      2⤵
      • Program crash
      PID:1784
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2076 -ip 2076
    1⤵
      PID:3944
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2076 -ip 2076
      1⤵
        PID:2544

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads