89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Size

9.3MB
MD5

0958d8ee14e1616a758f67147d416d9d
SHA1

d4b0bcde8162c8beb94a9972f2a6be1d4c004c36
SHA256

89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d
SHA512

bb0055b72c67b0ec5a88f547149badd862301a68121040bf3c096f2075b788acf96bde19d6970c0fb8ad218e32afaf8b14213f62d705df349de31d5822ea08f4
SSDEEP

196608:OfQPp6th6U2TdPE0s9akhY1i74qiK7l7BAE1QBaumTxUc8YVd40:OoRnyn9NF74qTbl1Qm9KYL

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Token: SeShutdownPrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Token: SeLoadDriverPrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Token: SeTakeOwnershipPrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Token: SeBackupPrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
Token: SeRestorePrivilege	2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
2716	89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe

C:\Users\Admin\AppData\Local\Temp\89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe
"C:\Users\Admin\AppData\Local\Temp\89dc1376dc9e78f760389a28b40075d4d593cf5508ff29634eb6b4b292aae74d.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2716-0-0x0000000003110000-0x00000000032B7000-memory.dmp

Filesize
1.7MB

Download
memory/2716-1-0x0000000003110000-0x00000000032B7000-memory.dmp

Filesize
1.7MB

Download
memory/2716-2-0x0000000000400000-0x0000000001722000-memory.dmp

Filesize
19.1MB

Download
memory/2716-3-0x0000000003110000-0x00000000032B7000-memory.dmp

Filesize
1.7MB

Download
memory/2716-36-0x0000000000AC2000-0x0000000000DD8000-memory.dmp

Filesize
3.1MB

Download
memory/2716-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2716-34-0x0000000000400000-0x0000000001722000-memory.dmp

Filesize
19.1MB

Download
memory/2716-31-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2716-38-0x0000000000400000-0x0000000001722000-memory.dmp

Filesize
19.1MB

Download
memory/2716-28-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2716-26-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2716-23-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2716-21-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2716-18-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2716-16-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2716-13-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2716-11-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2716-9-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2716-8-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2716-6-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2716-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2716-39-0x0000000000400000-0x0000000001722000-memory.dmp

Filesize
19.1MB

Download
memory/2716-40-0x0000000003110000-0x00000000032B7000-memory.dmp

Filesize
1.7MB

Download
memory/2716-41-0x0000000000AC2000-0x0000000000DD8000-memory.dmp

Filesize
3.1MB

Download
memory/2716-42-0x0000000000400000-0x0000000001722000-memory.dmp

Filesize
19.1MB

Download