Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-06-2024 12:28

General

  • Target

    VirusShare_11b5b821acfe784f05c809fc5013abc0.exe

  • Size

    104KB

  • MD5

    11b5b821acfe784f05c809fc5013abc0

  • SHA1

    908a3cfb96b21d04b38fd99502e67de48de0b9c5

  • SHA256

    88325f3d694f40eeb81eae5b0ed4b107b6228bab70cbdc2f9674e61a09a66563

  • SHA512

    b1a331d31be4e00d6285f4f14400dcb4ee92c6724eab9052756d79329f6ad435156b9aaa1ffb677f799ac3f9ab6346edf0bb1ccbc08a90bd210337019b00fd62

  • SSDEEP

    3072:NDjabtcLayLXD6riZEW4NaBZdZa+gnza:Nyb40NaBZ/r

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence (2 TTPs, 1 IoC)
  • Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
  • Suspicious behavior: MapViewOfSection (2 IoCs)
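
The report flags the svchost.exe process for modifying Winlogon but does not show which value was written. The following PowerShell audit is an added example, not part of the sandbox report and not derived from this sample: it reads the Winlogon values most commonly hijacked for persistence (Userinit, Shell, the legacy Notify subkey and a few values that should not exist) and prints anything that deviates from an assumed stock Windows 7 x64 baseline. The baseline strings, the choice of values and the inclusion of the Wow6432Node and HKCU views are assumptions for a generic triage; adjust them to your own golden image.

```powershell
# Added example (not from the sandbox report): audit Winlogon registry values
# commonly abused for persistence against an assumed Windows 7 x64 baseline.
# Run from an elevated prompt on the host under investigation.

# Assumed stock values. Userinit keeps its trailing comma on a clean install;
# anything appended after it is loaded at logon and is the classic hijack.
$baseline = @{
    'Userinit' = 'C:\Windows\system32\userinit.exe,'
    'Shell'    = 'explorer.exe'
}
# Values that are absent on a clean install; any presence deserves a look.
$shouldBeAbsent = @('Taskman', 'AppSetup', 'GinaDLL')

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # The flagged process is a syswow64 (32-bit) svchost.exe, so also read the
    # WOW64 view in case the write landed there (assumption: key may not exist).
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon',
    # Per-user overrides; these values do not exist here on a clean system.
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    foreach ($name in $baseline.Keys) {
        $data = $props.$name
        if ($null -eq $data) { continue }
        # Under HKCU any Userinit/Shell value is a finding; under HKLM only a
        # deviation from the baseline is (string comparison is case-insensitive).
        if ($key -like 'HKCU:*' -or $data -ne $baseline[$name]) {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data; Expected = $baseline[$name] }
        }
    }

    foreach ($name in $shouldBeAbsent) {
        $data = $props.$name
        if ($null -ne $data) {
            [pscustomobject]@{ Key = $key; Value = $name; Data = $data; Expected = '<absent>' }
        }
    }

    # Legacy Notify subkey: any DLLName registered here is loaded by winlogon.exe.
    $notify = Join-Path $key 'Notify'
    if (Test-Path $notify) {
        Get-ChildItem -Path $notify | ForEach-Object {
            $dll = (Get-ItemProperty -Path $_.PSPath).DLLName
            [pscustomobject]@{ Key = $_.PSPath; Value = 'DLLName'; Data = $dll; Expected = '<absent>' }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'Winlogon values match the assumed baseline.'
}
```

Compare any flagged path against the memory dumps listed under Downloads and the 104KB on-disk sample; a Userinit or Shell entry pointing at a user-writable location such as AppData\Local\Temp is the usual sign of the persistence this signature describes.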

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_11b5b821acfe784f05c809fc5013abc0.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_11b5b821acfe784f05c809fc5013abc0.exe"
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:2712
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2068

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1192-6-0x0000000077930000-0x0000000077AD9000-memory.dmp

    Filesize

    1.7MB

  • memory/1192-7-0x00000000024F0000-0x00000000024F7000-memory.dmp

    Filesize

    28KB

  • memory/1192-11-0x0000000077930000-0x0000000077AD9000-memory.dmp

    Filesize

    1.7MB

  • memory/2712-0-0x00000000003C0000-0x00000000003C4000-memory.dmp

    Filesize

    16KB

  • memory/2712-1-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2712-3-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2712-2-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2712-4-0x00000000003D0000-0x00000000003D1000-memory.dmp

    Filesize

    4KB

  • memory/2712-5-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB