netsupport | 9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 07:54

Target

9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
Size

1.0MB
MD5

3055d7d856193351022b17de82794048
SHA1

87a0ea8df4c9ee9c8f94765dec476bb050bd6fca
SHA256

9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931
SHA512

3086b3f56c33d5f190918a3bb00e3a9a5d2211ebe76dd454024ad4147db243f3f2862bd369e355d40d82598ce5d0fddb3dd1be5feed0d818e980eeff070ee680
SSDEEP

24576:sXpcw+dqjKPadLWGxkMOHbeMIeGqZsEr6:sXwYKPadLWGxkMOHu0Si6

Score

10^/10

netsupport rat

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\combase.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\wkernel32.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\wntdll.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\wkernelbase.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\wgdi32full.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\DWrite.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\TextShaping.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\SysWOW64\apphelp.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1288_none_d9539a9fe102720c\gdiplus.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe
File opened for modification	C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.pdb	9dbdfb34255ed018dd25d41538988d063ec2bbb427e4119fa65d13067cfb2931.exe