6827e3580ecb100e3bd5b700a5c27688cb81accd91a78cc9c0095fa82ad6aabc

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Combat_Master.exe
Size

1.4MB
MD5

579948e216925ea84ad5c71c8644a325
SHA1

0c66fb661d16737e0a11dc4a050f3a933d9ff967
SHA256

6827e3580ecb100e3bd5b700a5c27688cb81accd91a78cc9c0095fa82ad6aabc
SHA512

f0a856aa8d0dbc6956b61982760508c8751531384f2403f5bbc424f2ba204aaf92deb93d2ea79e959eb4c0c05453afcaf308fe84d4ca96a5d362311eabf1b86c
SSDEEP

24576:+d5n23p7qpxIztlg+awqwUwExIPfA8OLhJ9yp/xCcTOuIrmkSkkkkkjOWn7OOI:ON2Ph/qNwffAj3g/bTqSk6WniD

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1764	Combat_Master.exe
4396	Combat_Master.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1764	Combat_Master.exe
1764	Combat_Master.exe
4396	Combat_Master.exe
4396	Combat_Master.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 992	1764	Combat_Master.exe	83
PID 1764 wrote to memory of 992	1764	Combat_Master.exe	83
PID 1764 wrote to memory of 4396	1764	Combat_Master.exe	87
PID 1764 wrote to memory of 4396	1764	Combat_Master.exe	87
PID 4396 wrote to memory of 1700	4396	Combat_Master.exe	88
PID 4396 wrote to memory of 1700	4396	Combat_Master.exe	88

C:\Users\Admin\AppData\Local\Temp\Combat_Master.exe
"C:\Users\Admin\AppData\Local\Temp\Combat_Master.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:992
- C:\Users\Admin\AppData\Local\Temp\Combat_Master.exe
  C:\Users\Admin\AppData\Local\Temp\Combat_Master.exe 1764
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
1KB

MD5
1ff2cf5dc7fbcd52005179102e19cadf

SHA1
fa3b6dbafdba203e2133e34efa3e44248da83bac

SHA256
5658be4fcc7a21c0ef03f965cb4ebec9f7f9ec5dd20b1353d77860492c64710d

SHA512
787265c837f1a805dd23d2152e3aaaa3ed7dd13afc1015f37e8ebf809a449c7ca68bffa1b32600b851168a95b8df04b9ab399b62293bc1d09db0b80b1d05edb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
33f6609037d194995ded6f1d72bbb86f

SHA1
bce2aac93a4d11962bfc2571f213ce0de75fe9bf

SHA256
f812282b0dab36f6628bce1f262272458e8dab21155802c16bd6c624e1030bd0

SHA512
08c5032166e1ccbe7395adbf736f48971017a0f93f9e3865f66959feea794f4547e88ed88e01c08848578551851ce447353dc0cce6a12de9fbba19e7935de0d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
bc8d9b1ff1ee70bdd008bf98c44298ff

SHA1
7b8cba8589208200d7f84f36f6ec80d15c801b2a

SHA256
d9c00b1edaeafb2860a267e4441ddaa29a5eb72150011a0ec2d1f2048b6b0f2e

SHA512
17132f9821339b4670cf03e978c924612d78f0bb0ec8ea6900861ffec7a3645ee5d4b4912590d80597695acfc674cbef91ae0c9870ad748fc980daf0a4b088ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_D7B2A7EA57402CF9609644C10FDC55CA

Filesize
471B

MD5
e33c9df7393078f734e88a9325c409a6

SHA1
df44df85e2e51f3f982274302d5570b28e48a621

SHA256
8a895334690b42dcd9c6dd9a639abdd4742466d1faff20f9a38b722ff5b42fd8

SHA512
33f18aafe2b744c6846f8ec02ddaef26678be161c46b3b0edab1ac023f414486e8e23520d15ccb5af45a8686f167938d861d9601d51ab9f5d09f77a32baec2fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
4cc2863c7a75aab96601156f0f2f1ce1

SHA1
9e27a78f9842a659ca7000743346fda892705e7a

SHA256
19f51e228191cb2f443da7a8499bf26a6989c1e26727c6b99c186b03f7a3d237

SHA512
8cdd0c34b8cecdd162e42a20c80d1ccf596534a6f15e9f445f7a8d36d8af058e56d5f84e25469194d53054ce3cb38510e4656d9c999ad231cc4880a1cc674ad3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
fdf63767d8c0456bc9effabd7cb77345

SHA1
bf4d7f90f369182e63ab0be72005b5befa514ea5

SHA256
cb0de63f1400ed52d7d19dbf1d751455422a053f8118d08e25e5ebcb876b6332

SHA512
09f7eaa43e54df006834920e438679c92ebd8ec820c5322eed4f011c51faf594259a2627daeb984953160b24d93992a1067930faf1f0b4cc4d05624e187356c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
daed10a2d064bfd883149324a17388b5

SHA1
91f37847f043706c9b89d9054bc2c21019506967

SHA256
20fcaae3974b07a5ae3c9b251db21047a6f3ba828e07970d61c855992c0bd49e

SHA512
38214d7f4d53eaebbee9c60a1d7534b60da83c299323044da500af0cfefbfe5b002f57f61ffba435a1cef4a51436eae2d7f659218f2b77979abc921f22e4142d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_D7B2A7EA57402CF9609644C10FDC55CA

Filesize
426B

MD5
17f2882b3e38a7cda359df46229994c2

SHA1
936576217d4c2b9bbf44429c7e760a75ca234e98

SHA256
14344e12950ed340932ab3473a049a5214ae02cb507e8f320e095940bf9953c4

SHA512
bf73cffee39680de549fb506b6627723bf9151b775777fee0a6b3f66b315b49e8dd23fe6ba0e1eadb1b2d8dd29ad67df23058607954c8ff91ff4f6452773dc61

Download Submit