Overview

overview

5

Static

static

3

f4e1631159...72.exe

windows7-x64

5

f4e1631159...72.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72.exe

  • Size

    7.8MB

  • MD5

    c086504debd2dc660726e657c9e2fd7e

  • SHA1

    ca1cbea59ac1cf969bcb764642480a13af1e4f94

  • SHA256

    f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72

  • SHA512

    e97a69994840438abe5bab89c248f77fc906e3d69ea0afe7eb90b1881e0c89646430ccb043d98e62a31a29047da4cf7da297a4f2f3b1e51c965620443c52d3e4

  • SSDEEP

    196608:Dy09fSQ5LIDpT+LpCMnbxz9pWspHKO2NxX:G40pUCMVhpWGK1

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72.exe
    "C:\Users\Admin\AppData\Local\Temp\f4e16311590a71ed8569008a21bda5fff2fb44544fa3a3ff753e00cfa4d47b72.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3724-0-0x0000000000400000-0x000000000146E000-memory.dmp

    Filesize

    16.4MB

    Download

  • memory/3724-3-0x000000000078E000-0x0000000000B67000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/3724-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3724-2-0x0000000000400000-0x000000000146E000-memory.dmp

    Filesize

    16.4MB

    Download

  • memory/3724-16-0x000000000078E000-0x0000000000B67000-memory.dmp

    Filesize

    3.8MB

    Download