f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe
Size

5.6MB
MD5

960d58bf6c504d71698cf90360ebb24d
SHA1

99b035dd8fe0e19091589835f7ac32bd506c20fc
SHA256

f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f
SHA512

4d06a1eaccd8deaed179217134c8a6a656f9a2ef8c7bebf49c38881d3ff3b850094de2da0076f34b9c4f22e3ce6692f230cb2f1a89d658b0d68625800f6961e9
SSDEEP

98304:w3UJcaY8LFDvnRjiO5fyjzClK3MGhPtPk1DoX73iR/N9nBwMJBQIy85boe:YUJcMLFDPRjl4CwMG3Pk1crSN19kIFbT

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2088	f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2088	f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe
2088	f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2088	f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe

C:\Users\Admin\AppData\Local\Temp\f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe
"C:\Users\Admin\AppData\Local\Temp\f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-4-0x0000000077580000-0x0000000077582000-memory.dmp

Filesize
8KB

Download
memory/2088-2-0x0000000077580000-0x0000000077582000-memory.dmp

Filesize
8KB

Download
memory/2088-0-0x0000000077580000-0x0000000077582000-memory.dmp

Filesize
8KB

Download
memory/2088-7-0x0000000077590000-0x0000000077592000-memory.dmp

Filesize
8KB

Download
memory/2088-5-0x0000000077590000-0x0000000077592000-memory.dmp

Filesize
8KB

Download
memory/2088-29-0x000007FEFD410000-0x000007FEFD412000-memory.dmp

Filesize
8KB

Download
memory/2088-35-0x00000000775C0000-0x00000000775C2000-memory.dmp

Filesize
8KB

Download
memory/2088-33-0x00000000775C0000-0x00000000775C2000-memory.dmp

Filesize
8KB

Download
memory/2088-31-0x00000000775C0000-0x00000000775C2000-memory.dmp

Filesize
8KB

Download
memory/2088-30-0x0000000000893000-0x0000000000B78000-memory.dmp

Filesize
2.9MB

Download
memory/2088-27-0x000007FEFD410000-0x000007FEFD412000-memory.dmp

Filesize
8KB

Download
memory/2088-24-0x000007FEFD400000-0x000007FEFD402000-memory.dmp

Filesize
8KB

Download
memory/2088-22-0x000007FEFD400000-0x000007FEFD402000-memory.dmp

Filesize
8KB

Download
memory/2088-19-0x00000000775B0000-0x00000000775B2000-memory.dmp

Filesize
8KB

Download
memory/2088-17-0x00000000775B0000-0x00000000775B2000-memory.dmp

Filesize
8KB

Download
memory/2088-15-0x00000000775B0000-0x00000000775B2000-memory.dmp

Filesize
8KB

Download
memory/2088-14-0x00000000775A0000-0x00000000775A2000-memory.dmp

Filesize
8KB

Download
memory/2088-12-0x00000000775A0000-0x00000000775A2000-memory.dmp

Filesize
8KB

Download
memory/2088-10-0x00000000775A0000-0x00000000775A2000-memory.dmp

Filesize
8KB

Download
memory/2088-9-0x0000000077590000-0x0000000077592000-memory.dmp

Filesize
8KB

Download
memory/2088-37-0x0000000000400000-0x0000000001111000-memory.dmp

Filesize
13.1MB

Download
memory/2088-41-0x0000000000400000-0x0000000001111000-memory.dmp

Filesize
13.1MB

Download
memory/2088-42-0x0000000000400000-0x0000000001111000-memory.dmp

Filesize
13.1MB

Download