87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
15-06-2024 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
Size

8.9MB
MD5

1b710b867316cc9ab04051ab6171d5ea
SHA1

2d1ba70682910401c0e3416976d1bd1ae76fea33
SHA256

87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9
SHA512

7a5076ac64b546780bec9d6c397a747db3a053b47a2f4fff062c203a2c13833917fd294f1c42a113d5705ac1a28ee129c3b8cea5ba142969ce3284f85857ae0a
SSDEEP

196608:BciTpIdkGGHWzFLz2WjPT+tnh249hEMjFhbm74l7LzoMyqE:BRk5VYWLT7hMnmCoMT

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2972	87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe

C:\Users\Admin\AppData\Local\Temp\87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe
"C:\Users\Admin\AppData\Local\Temp\87f6713235f57cc061866f417a3435c5af36fe78d53cff1da1793b6bb91d4bf9.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2972-0-0x00000000009F3000-0x0000000000EE9000-memory.dmp

Filesize
5.0MB

Download
memory/2972-42-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download
memory/2972-44-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download
memory/2972-40-0x000007FEFDC30000-0x000007FEFDC32000-memory.dmp

Filesize
8KB

Download
memory/2972-38-0x000007FEFDC30000-0x000007FEFDC32000-memory.dmp

Filesize
8KB

Download
memory/2972-47-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download
memory/2972-35-0x000007FEFDC00000-0x000007FEFDC02000-memory.dmp

Filesize
8KB

Download
memory/2972-33-0x000007FEFDC00000-0x000007FEFDC02000-memory.dmp

Filesize
8KB

Download
memory/2972-30-0x0000000077C30000-0x0000000077C32000-memory.dmp

Filesize
8KB

Download
memory/2972-28-0x0000000077C30000-0x0000000077C32000-memory.dmp

Filesize
8KB

Download
memory/2972-26-0x0000000077C30000-0x0000000077C32000-memory.dmp

Filesize
8KB

Download
memory/2972-25-0x0000000077C20000-0x0000000077C22000-memory.dmp

Filesize
8KB

Download
memory/2972-23-0x0000000077C20000-0x0000000077C22000-memory.dmp

Filesize
8KB

Download
memory/2972-21-0x0000000077C20000-0x0000000077C22000-memory.dmp

Filesize
8KB

Download
memory/2972-20-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2972-18-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2972-16-0x0000000077C10000-0x0000000077C12000-memory.dmp

Filesize
8KB

Download
memory/2972-15-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2972-13-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2972-11-0x0000000077C00000-0x0000000077C02000-memory.dmp

Filesize
8KB

Download
memory/2972-10-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2972-8-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2972-6-0x0000000077BF0000-0x0000000077BF2000-memory.dmp

Filesize
8KB

Download
memory/2972-5-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2972-3-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2972-1-0x0000000077BE0000-0x0000000077BE2000-memory.dmp

Filesize
8KB

Download
memory/2972-48-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download
memory/2972-49-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download
memory/2972-50-0x00000000009F3000-0x0000000000EE9000-memory.dmp

Filesize
5.0MB

Download
memory/2972-51-0x0000000000400000-0x00000000017CC000-memory.dmp

Filesize
19.8MB

Download