Overview

overview

7

Static

static

3

f9c5b34781...b3.exe

windows7-x64

7

f9c5b34781...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-03-2024 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe

  • Size

    816KB

  • MD5

    c24c2de0d561468e37b4b3283dc291b7

  • SHA1

    d25d4a43661c5046b41a4d99fb471c6cd5916983

  • SHA256

    f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3

  • SHA512

    75c1fb74e08cee1368ce4d034f9c2f8739ebed21296d3a14c6b3b80408a2a09bcbc0ce7aee844a4a10df07ca90491fc233ca7bbd2db0a962962d799990db52c5

  • SSDEEP

    24576:IY4G2qLMJalsnqShyoo77lUabuSvbDQOOdIxJsG9R:V3XZynV4oDabuWbDQOcIxJJ9R

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe
    "C:\Users\Admin\AppData\Local\Temp\f9c5b3478174f47a048c06d96cdb636332e1eec1f6ad9da88fa347554da3f3b3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\1A0E0E0E120D156D155F15D0D0D160F0A160A.exe
      C:\Users\Admin\AppData\Local\Temp\1A0E0E0E120D156D155F15D0D0D160F0A160A.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1A0E0E0E120D156D155F15D0D0D160F0A160A.exe
    Filesize

    816KB

    MD5

    f89cf9e86f61463cd10117eb2e344d6f

    SHA1

    a3b8165d33f380595943aa3f4ae949262dfe219e

    SHA256

    90a51eeba6f64e0f0332129aab8ca2bf1e199108ec6dae0442f66fe16ad7b7ae

    SHA512

    36f215dfa0a74594d15f81b192749d7187243b34cce5d8f207ceb69d1d3a1f80b8648df0f4fd4d3d9a783f3aeea985a791fa2de03ea7274bd82c17c02f09f7e4

    Download Submit

  • memory/1732-1-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1732-0-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1732-6-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1732-13-0x0000000002180000-0x000000000232D000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1732-12-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2944-16-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2944-15-0x0000000000400000-0x00000000005AD000-memory.dmp

    Filesize

    1.7MB

    Download