Overview

overview

5

Static

static

3

Yvcy6xVFyV...1).exe

windows7-x64

5

Yvcy6xVFyV...1).exe

windows10-2004-x64

5

Analysis

  • max time kernel
    586s
  • max time network
    431s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/07/2024, 08:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yvcy6xVFyVa7CNFx (1).exe

  • Size

    12.5MB

  • MD5

    6dcafe205c42486ea9100ecc7b783e19

  • SHA1

    a0e9937036cdbaa7a928418c67a11cd2cdc48842

  • SHA256

    e3b7264fa3bf1b63853726decbf86bbabb7704359b4bee9639120e6929e10def

  • SHA512

    8385cbd582cc4fef9cdbbcdb66411c4c42f32405945fdf215bb6cf2f943425f969f00ece0a2eb92153672839e5bfb61dd59ead5089c54444fb2c26881b778a0c

  • SSDEEP

    196608:ugDy7lLb2gpkYaFlBN+46/e8wS93L55Pd0tSHWt0Z6bd1p6ArTmRUb:ugy32gGFlz+4meTS9WWY0iJeU

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • cURL User-Agent 1 IoCs

    Uses User-Agent string associated with cURL utility.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yvcy6xVFyVa7CNFx (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Yvcy6xVFyVa7CNFx (1).exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:5076
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x41c 0x33c
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5076-0-0x00007FF71C44F000-0x00007FF71CB9F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/5076-2-0x00007FFF59420000-0x00007FFF59422000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5076-1-0x00007FFF59410000-0x00007FFF59412000-memory.dmp

    Filesize

    8KB

    Download

  • memory/5076-7-0x00007FF71C390000-0x00007FF71D81B000-memory.dmp

    Filesize

    20.5MB

    Download

  • memory/5076-3-0x00007FF71C390000-0x00007FF71D81B000-memory.dmp

    Filesize

    20.5MB

    Download

  • memory/5076-8-0x00007FF71C44F000-0x00007FF71CB9F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/5076-9-0x00007FF71C390000-0x00007FF71D81B000-memory.dmp

    Filesize

    20.5MB

    Download

  • memory/5076-11-0x00007FF71C44F000-0x00007FF71CB9F000-memory.dmp

    Filesize

    7.3MB

    Download

  • memory/5076-12-0x00007FF71C390000-0x00007FF71D81B000-memory.dmp

    Filesize

    20.5MB

    Download