Analysis Overview
SHA256
b166e6ae68596043c9f820726c5a3e4c9bbc6cf1442b3cf203df19ed6cd9103d
Threat Level: Known bad
The file 56e9504913b9bb911ffcfd7c1d3284d8.bin was found to be: Known bad.
Malicious Activity Summary
RisePro
Suspicious use of NtSetInformationThreadHideFromDebugger
Unsigned PE
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-16 01:20
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 01:20
Reported
2024-06-16 01:23
Platform
win7-20240221-en
Max time kernel
146s
Max time network
118s
Command Line
Signatures
RisePro
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe
"C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 01:20
Reported
2024-06-16 01:23
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
58s
Command Line
Signatures
RisePro
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe
"C:\Users\Admin\AppData\Local\Temp\5d8f9d6af59f609ccc563ccf00cb08cb231643615222ac07d9355945a6f58316.exe"
Network
Files