Overview

overview

10

Static

static

10

bd291342f9...43.exe

windows7-x64

6

bd291342f9...43.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2024 00:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bd291342f9e67e12cfc6ba494b95be43.exe

  • Size

    3.8MB

  • MD5

    bd291342f9e67e12cfc6ba494b95be43

  • SHA1

    477df3d4bc80e5a41ac22fa5fc0b652511e43907

  • SHA256

    4bddc1b65b7a24af3d24bddcd3722811775f3f98a65fbc433c762e1615af28c1

  • SHA512

    112a93d5dbde66ff17c601c72e7aeabd5bb54f506cda5173d3d6e2213b4c52fd53ff8ca4706440a457dedae40028bec1e664e343049e9930dc1c91f344f9760d

  • SSDEEP

    98304:877Pmq33rE/JDLPWZADUGer7B6iY74M/zmlwXVZaFB:K+R/eZADUXR

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious behavior: RenamesItself 30 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd291342f9e67e12cfc6ba494b95be43.exe
    "C:\Users\Admin\AppData\Local\Temp\bd291342f9e67e12cfc6ba494b95be43.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4608-0-0x0000000075190000-0x00000000751C9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-1-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-2-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-3-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-4-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-5-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-6-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-7-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4608-8-0x00000000750C0000-0x00000000750F9000-memory.dmp

    Filesize

    228KB

    Download