Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240215-en -
resource tags
arch:x64 arch:x86 image:win7-20240215-en locale:en-us os:windows7-x64 system -
submitted
26/05/2024, 09:55
Static task
static1
Behavioral task
behavioral1
Sample
50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Resource
win10v2004-20240508-en
General
-
Target
50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
-
Size
12.0MB
-
MD5
e40a4a288b5b2f5d629598187db24067
-
SHA1
3496d2b708b2f12280a94b3236be3d3a99edf9d7
-
SHA256
50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf
-
SHA512
c1a494af90e3ac896ed9e1e5499f7d35a1601275a807df25413ba3ffb4fe6a6e8bd1933c9223882e466bf5a2958ecdf2b59beceee912cb3c2e840e3f297310ec
-
SSDEEP
196608:e4HKDQBKkXy+Xjt815j5tDobSUFQE9ruInm7ccyXS:eaK0BK+Svj5t0ZFQE9yInmYvS
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process
2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process
Token: SeDebugPrivilege 2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Token: SeDebugPrivilege 2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Token: 33 2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Token: SeIncBasePriorityPrivilege 2352 50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe
"C:\Users\Admin\AppData\Local\Temp\50fb76c1152e262a7004c115757934ccd0fa8f7c4ffa80c60f28aeaef57fb6bf.exe"
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
PID:2352