Overview

overview

6

Static

static

3

f46b9aeafe...b0.exe

windows7-x64

6

f46b9aeafe...b0.exe

windows10-2004-x64

6

Resubmissions

03/07/2024, 11:55

240703-n3eblasbmf 6

03/07/2024, 11:47

240703-nya4da1fqa 6

24/06/2024, 09:08

240624-k4bqbavbqf 6

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2024, 11:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f46b9aeafe296ebbad909e927fad26a21b05fbbc68cb446299c224fd27ea7fb0.exe

  • Size

    5.0MB

  • MD5

    d460bb3fb4b3aa150b7f7d0fae0fc9e5

  • SHA1

    277435044e6219200a8c72bea1a3d2cd2eff291b

  • SHA256

    f46b9aeafe296ebbad909e927fad26a21b05fbbc68cb446299c224fd27ea7fb0

  • SHA512

    e77c39cd95fbba29baf9c6e7ba593830d6881f8d537ba36b07ebe333b4abcf10697755815ae30970dc29911291737e9c5b4d51e88f0ac349971a1653aab107f0

  • SSDEEP

    98304:Uh4WPtUlGKtV58B7Pg1iX24Y5YZZqPnhIX4Pla6pMsA6H+nDsM/:UJ1Ul1tLwyiX2nYqPn6ytpzhysM

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f46b9aeafe296ebbad909e927fad26a21b05fbbc68cb446299c224fd27ea7fb0.exe
    "C:\Users\Admin\AppData\Local\Temp\f46b9aeafe296ebbad909e927fad26a21b05fbbc68cb446299c224fd27ea7fb0.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3708
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c tzutil /g
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Windows\SysWOW64\tzutil.exe
        tzutil /g
        3⤵
          PID:636

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3708-1-0x00000000001A0000-0x0000000000969000-memory.dmp

      Filesize

      7.8MB

      Download

    • memory/3708-4-0x00000000001A0000-0x0000000000969000-memory.dmp

      Filesize

      7.8MB

      Download

    • memory/3708-3-0x00000000001CA000-0x0000000000462000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/3708-0-0x0000000001160000-0x0000000001161000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3708-5-0x00000000001CA000-0x0000000000462000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/3708-6-0x0000000000FC0000-0x0000000000FC2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3708-7-0x0000000000FE0000-0x0000000000FF0000-memory.dmp

      Filesize

      64KB

      Download