df63df335d4e3307bb952c16aef542177187fa3efbde9d7483b207812d4e1e72 | Triage

Analysis

max time kernel
137s
max time network
273s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 18:16

Sharing

Report Analysis Logs

General

Target

FL64 (scaled).exe
Size

2.9MB
MD5

4757429c07db24a1a4ab4e8396951e11
SHA1

11f0b7c80f494b194ee319ee2833a81712ec8890
SHA256

840cac6b0a18d520877554f0e59a2bf7c3681e673829882718eb99e19d1611fd
SHA512

b5ff641b00b9d693565d603c1e32177aa15b9c185cf0b3b30323e4431cebec69b0246ab5f6a0ba3b8de91d3a3b0072dbf9930ad2826c9f4611e84b24e35f607f
SSDEEP

49152:kbQUGviYVTh4zNyUlfNGcmmAj73+W91r2frAMSFI8WjhGTh7vrhsOV:tUEiYD4gURRUjaq+GhsOV

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
4220	FL64 (scaled).exe
4220	FL64 (scaled).exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4220	FL64 (scaled).exe
4220	FL64 (scaled).exe

C:\Users\Admin\AppData\Local\Temp\FL64 (scaled).exe
"C:\Users\Admin\AppData\Local\Temp\FL64 (scaled).exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4220-0-0x00007FF903E30000-0x00007FF903E32000-memory.dmp

Filesize
8KB

Download
memory/4220-1-0x000000006E210000-0x0000000072297000-memory.dmp

Filesize
64.5MB

Download
memory/4220-2-0x0000000071E17000-0x0000000071EAA000-memory.dmp

Filesize
588KB

Download
memory/4220-3-0x000000006E210000-0x0000000072297000-memory.dmp

Filesize
64.5MB

Download