Overview

overview

5

Static

static

3

thraxywaxy.exe

windows10-1703-x64

5

Analysis

  • max time kernel
    31s
  • max time network
    35s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30/06/2024, 12:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    thraxywaxy.exe

  • Size

    67.7MB

  • MD5

    b3d0ef6fc8dc355c3a148cb525764d4d

  • SHA1

    c6b2074bf3420ae87e1bdc8d06142ce64f82c079

  • SHA256

    d26aab0090481d1574b23585ada561c89585a0d370b413ca8a326eb0a09d8d60

  • SHA512

    8503cf68b21a006449e6714b820cdf3105d8fca6b1cbd4d9d1be917dc8129b0a7e52f32a84369f326d8eded40685e8af6e1cd6ae55e1aeadfcfe942706614206

  • SSDEEP

    1572864:AYc12jESlHVCSuxLlQhmqpNxnvOJ+egZ1CBDlvQL:Tc2EoehQNxvpmlg

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\thraxywaxy.exe
    "C:\Users\Admin\AppData\Local\Temp\thraxywaxy.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4692
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\thraxywaxy.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4976
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\thraxywaxy.exe" MD5
        3⤵
          PID:1884
        • C:\Windows\system32\find.exe
          find /i /v "md5"
          3⤵
            PID:4236
          • C:\Windows\system32\find.exe
            find /i /v "certutil"
            3⤵
              PID:3232

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4692-0-0x00007FF8BF430000-0x00007FF8BF432000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4692-1-0x00007FF8BF440000-0x00007FF8BF442000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4692-2-0x0000000140000000-0x0000000141000000-memory.dmp

          Filesize

          16.0MB

          Download