Overview

overview

7

Static

static

3

b7673d307b...a4.exe

windows7-x64

7

b7673d307b...a4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 12:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b7673d307b8ee78b2a48d2dcbac580a4.exe

  • Size

    11.1MB

  • MD5

    b7673d307b8ee78b2a48d2dcbac580a4

  • SHA1

    1fd017a819f32f640a6b7de5bd9a110a07b0e505

  • SHA256

    b3149dd6082792c613d1d4e8707b708aecf1eb2c9d6a408427928db8216429c6

  • SHA512

    bd61596d818a36672f45d01c9cdfccbe6df6aea9b3ddd29bca613e9d7141dec012b3d6870a6a797c46c81b97d3f01aadfede60e98cfdeea6169a6e3304ffda29

  • SSDEEP

    196608:TcHI9wPAaCYM18Hq3WSzLfqCtgOquGAgyc2apjCREy/1U+0F6puA5KR:goAArWs76As2aRqMGNE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe
    "C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe
      "C:\Users\Admin\AppData\Local\Temp\b7673d307b8ee78b2a48d2dcbac580a4.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2540

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_MEI24922\python39.dll
          Filesize

          4.3MB

          MD5

          6ea7584918af755ba948a64654a0a61a

          SHA1

          aa6bfb6f97c37d79e5499b54dc24f753b47f6de0

          SHA256

          3007a651d8d704fc73428899aec8788b8c8c7b150067e31b35bf5a3bd913f9b6

          SHA512

          d00e244b7fccdbec67e6b147827c82023dd9cb28a14670d13461462f0fbbe9e3c5b422a5207a3d08484eb2e05986386729a4973023519eb453ee4467f59d4a80

          Download Submit

        • memory/2492-0-0x0000000001310000-0x0000000002C29000-memory.dmp

          Filesize

          25.1MB

          Download

        • memory/2492-1-0x00000000FFBD0000-0x00000000FFFA1000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2492-2-0x0000000077060000-0x0000000077061000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2492-24-0x0000000005F50000-0x0000000007869000-memory.dmp

          Filesize

          25.1MB

          Download

        • memory/2492-50-0x0000000001310000-0x0000000002C29000-memory.dmp

          Filesize

          25.1MB

          Download

        • memory/2492-51-0x00000000FFBD0000-0x00000000FFFA1000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2540-25-0x0000000001310000-0x0000000002C29000-memory.dmp

          Filesize

          25.1MB

          Download

        • memory/2540-27-0x00000000FFBD0000-0x00000000FFFA1000-memory.dmp

          Filesize

          3.8MB

          Download

        • memory/2540-29-0x0000000001310000-0x0000000002C29000-memory.dmp

          Filesize

          25.1MB

          Download