Overview

overview

5

Static

static

3

f203f5c38a...8f.exe

windows7-x64

5

f203f5c38a...8f.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 02:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe

  • Size

    5.6MB

  • MD5

    960d58bf6c504d71698cf90360ebb24d

  • SHA1

    99b035dd8fe0e19091589835f7ac32bd506c20fc

  • SHA256

    f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f

  • SHA512

    4d06a1eaccd8deaed179217134c8a6a656f9a2ef8c7bebf49c38881d3ff3b850094de2da0076f34b9c4f22e3ce6692f230cb2f1a89d658b0d68625800f6961e9

  • SSDEEP

    98304:w3UJcaY8LFDvnRjiO5fyjzClK3MGhPtPk1DoX73iR/N9nBwMJBQIy85boe:YUJcMLFDPRjl4CwMG3Pk1crSN19kIFbT

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe
    "C:\Users\Admin\AppData\Local\Temp\f203f5c38a3e1c0d9a321cd975c1937ff392c889dfe19961dfd6275538a8c78f.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2464-0-0x0000000000893000-0x0000000000B78000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2464-1-0x00007FF996010000-0x00007FF996012000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-4-0x00007FF995130000-0x00007FF995132000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-3-0x00007FF995120000-0x00007FF995122000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-2-0x00007FF996020000-0x00007FF996022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-5-0x00007FF993880000-0x00007FF993882000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-6-0x00007FF993890000-0x00007FF993892000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-7-0x00007FF996030000-0x00007FF996032000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2464-12-0x0000000000400000-0x0000000001111000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2464-13-0x0000000000400000-0x0000000001111000-memory.dmp

    Filesize

    13.1MB

    Download

  • memory/2464-14-0x0000000003140000-0x00000000031A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2464-16-0x0000000000893000-0x0000000000B78000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2464-17-0x0000000000400000-0x0000000001111000-memory.dmp

    Filesize

    13.1MB

    Download