Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/06/2024, 08:21

General

  • Target

    Spoofer.exe

  • Size

    56.3MB

  • MD5

    0b07a073eb75bbe4de562a5ccedb3041

  • SHA1

    69e0fb65aa278e65d02bfa4aa6e664f0176e1790

  • SHA256

    64508480425c9de4206ddc4e737e5f43af97048857ecbe1a111af796687f8a12

  • SHA512

    a4cd8477622a4081c83c76bfb4de06a2d9cbdceed6649b77c60239efe77ac4242d61af76aac01fbca649fdc7c5296b29cb5bb39347fe4dc6bd308e42367408b4

  • SSDEEP

    786432:cQSNyPsvlfueCp8Lo3IVI09XLmbpQEHrFnK/tUuneZ/u7v18hXK0dPpj/ZECti:B9PsN2bLY992jZK19eo79AXbdhaC

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Spoofer.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Spoofer.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Spoofer.exe" MD5
        3⤵
        PID:1800
      • C:\Windows\system32\find.exe
        find /i /v "md5"
        3⤵
        PID:2656
      • C:\Windows\system32\find.exe
        find /i /v "certutil"
        3⤵
        PID:3544
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\90775b5dc29d4703a481b703e7ff3ec0 /t 2924 /p 1464
    1⤵
    PID:544

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1464-0-0x00007FF676204000-0x00007FF6784C3000-memory.dmp
    Filesize
    34.7MB

  • memory/1464-2-0x00007FFE4E740000-0x00007FFE4E742000-memory.dmp
    Filesize
    8KB

  • memory/1464-1-0x00007FFE4E730000-0x00007FFE4E732000-memory.dmp
    Filesize
    8KB

  • memory/1464-3-0x00007FF675DE0000-0x00007FF67BD12000-memory.dmp
    Filesize
    95.2MB

  • memory/1464-16-0x000001EF90510000-0x000001EF90511000-memory.dmp
    Filesize
    4KB

  • memory/1464-11-0x000001EF90510000-0x000001EF90511000-memory.dmp
    Filesize
    4KB

  • memory/1464-13387-0x00007FF676204000-0x00007FF6784C3000-memory.dmp
    Filesize
    34.7MB