Overview

overview

5

Static

static

3

2bfxeaki5b...ud.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/05/2024, 18:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bfxeaki5b2u168cfhsmntlud.exe

  • Size

    7.3MB

  • MD5

    6136a11723e68480cc4c865575b7a73a

  • SHA1

    262b36e28690bf8352c7fbdf99654c8753a41d70

  • SHA256

    5f9c2768660cf04058d51e938ea7e42dc8dc62b0556140950de7352f8c6b12cd

  • SHA512

    b8c99e1fdbed8c251bf0d74358bd34cbf4b6c5df0ea317f461a39af41203b30f8a2866f196503f5bd2469b977af2c13ca3e4bb50deb206d3b086fdd90472dd27

  • SSDEEP

    196608:DHlxvCyD+frVOaVm4zE0WxGoTJuMpQWKL7scxtyAPPx:DH7vTEVO14DUJnKL7xP

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bfxeaki5b2u168cfhsmntlud.exe
    "C:\Users\Admin\AppData\Local\Temp\2bfxeaki5b2u168cfhsmntlud.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color b
      2⤵
        PID:1732
      • C:\Windows\System32\notepad.exe
        "C:\Windows\System32\notepad.exe"
        2⤵
          PID:2488

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/636-20-0x00000001400F2000-0x0000000140636000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/636-3-0x0000000140000000-0x0000000140D8D000-memory.dmp

        Filesize

        13.6MB

        Download

      • memory/636-2-0x00007FF93EE40000-0x00007FF93EE42000-memory.dmp

        Filesize

        8KB

        Download

      • memory/636-1-0x00007FF93EE30000-0x00007FF93EE32000-memory.dmp

        Filesize

        8KB

        Download

      • memory/636-0-0x00000001400F2000-0x0000000140636000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/636-21-0x0000000140000000-0x0000000140D8D000-memory.dmp

        Filesize

        13.6MB

        Download

      • memory/2488-10-0x0000023764770000-0x0000023764771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2488-9-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/2488-11-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/2488-16-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/2488-15-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/2488-14-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download

      • memory/2488-22-0x00000237640B0000-0x0000023764751000-memory.dmp

        Filesize

        6.6MB

        Download