Analysis

max time kernel: 149s
max time network: 124s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 16-06-2024 01:11

Static task: static1 (1 signatures)
Behavioral task: behavioral1
Sample: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
Resource: win7-20240611-en
2 signatures
150 seconds
General

Target: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
Size: 1.3MB
MD5: 97ac9a9c06f656d1daf9b579cf7aeb38
SHA1: 60b6b47fd981afb55510c08652600892fcd1e46f
SHA256: 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2
SHA512: 2cb9585989e02020ad220a440699f5ca5e99ecc2c7e6c779c185a6ad49db7a76d0150ded7afff6c69f0699e8f3fd0a76e54380dcf9e305dfac7331449d848bf2
SSDEEP: 24576:9Okq/nU9O8xV4ZsyXsI2bDXaOsYQwQfsiK3W3R2ZyRCn:QR/nU9NxV4qyXn5yQlw3Wh2ZuCn
Score: 5/10
Malware Config
Signatures

- Suspicious use of NtSetInformationThreadHideFromDebugger (15 IoCs)
  Processes: pid 2980, process 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe (15 identical entries)
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: pid 2980, process 5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
Processes

- C:\Users\Admin\AppData\Local\Temp\5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5fd0197fa9d5ee9a0ec37c4faec0f1223a693097039b3c07cecc4caa66e5e9e2.exe"
  PID: 2980
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads (memory dumps of PID 2980)

Dump                                                                Filesize
memory/2980-1-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-0-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-2-0x00000000016B4000-0x0000000001752000-memory.dmp      632KB
memory/2980-4-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-5-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-6-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-7-0x00000000016B4000-0x0000000001752000-memory.dmp      632KB
memory/2980-8-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-9-0x0000000001220000-0x0000000001752000-memory.dmp      5.2MB
memory/2980-10-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-11-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-12-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-13-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-14-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-15-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-16-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-17-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-18-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB
memory/2980-19-0x0000000001220000-0x0000000001752000-memory.dmp     5.2MB