2076b4163b6093444d19190c53e7ff3a931778e8dcd8b759d94d7f2cf8faecab

Analysis

max time kernel
61s
max time network
142s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-08-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hi/owo.exe
Size

20.7MB
MD5

d460573ca306c2990e363a1331de43a7
SHA1

d5556260fd9d769ccaea46d329589ab87e778c3f
SHA256

793c43fdd0ad1d22f564d110c84c08f41d968065e6162327b134a0226b802213
SHA512

6249630df6fbd87a583f110a37815c4590e45692244046c11fdbe6bfd2cfc5f28adc11ac55bef5a2ebb290835f4dd36b5e164c2a6178cefe57002276879593a8
SSDEEP

393216:TG+fJMUecs6bQDTt5ibbJIcpXcJHieKCRdjKIIZHu9jr+ifhSQ:ps7+QDCbSoXcDKs2IIwttfhd

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1420	owo.exe
1420	owo.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe
1420	owo.exe

C:\Users\Admin\AppData\Local\Temp\Hi\owo.exe
"C:\Users\Admin\AppData\Local\Temp\Hi\owo.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-0-0x0000000140024000-0x0000000140D52000-memory.dmp

Filesize
13.2MB

Download
memory/1420-2-0x00007FFFB00C0000-0x00007FFFB00C2000-memory.dmp

Filesize
8KB

Download
memory/1420-1-0x00007FFFB00B0000-0x00007FFFB00B2000-memory.dmp

Filesize
8KB

Download
memory/1420-4-0x00007FFFB00E0000-0x00007FFFB00E2000-memory.dmp

Filesize
8KB

Download
memory/1420-5-0x00007FFFB00F0000-0x00007FFFB00F2000-memory.dmp

Filesize
8KB

Download
memory/1420-3-0x00007FFFB00D0000-0x00007FFFB00D2000-memory.dmp

Filesize
8KB

Download
memory/1420-9-0x00007FFFB0120000-0x00007FFFB0122000-memory.dmp

Filesize
8KB

Download
memory/1420-8-0x00007FFFB0110000-0x00007FFFB0112000-memory.dmp

Filesize
8KB

Download
memory/1420-7-0x00007FFFB0100000-0x00007FFFB0102000-memory.dmp

Filesize
8KB

Download
memory/1420-6-0x0000000140000000-0x0000000142211000-memory.dmp

Filesize
34.1MB

Download
memory/1420-14-0x00007FFFB0170000-0x00007FFFB0172000-memory.dmp

Filesize
8KB

Download
memory/1420-10-0x00007FFFB0130000-0x00007FFFB0132000-memory.dmp

Filesize
8KB

Download
memory/1420-12-0x00007FFFB0150000-0x00007FFFB0152000-memory.dmp

Filesize
8KB

Download
memory/1420-17-0x00007FFFB01A0000-0x00007FFFB01A2000-memory.dmp

Filesize
8KB

Download
memory/1420-21-0x00007FFFB01E0000-0x00007FFFB01E2000-memory.dmp

Filesize
8KB

Download
memory/1420-20-0x00007FFFB01D0000-0x00007FFFB01D2000-memory.dmp

Filesize
8KB

Download
memory/1420-19-0x00007FFFB01C0000-0x00007FFFB01C2000-memory.dmp

Filesize
8KB

Download
memory/1420-18-0x00007FFFB01B0000-0x00007FFFB01B2000-memory.dmp

Filesize
8KB

Download
memory/1420-13-0x00007FFFB0160000-0x00007FFFB0162000-memory.dmp

Filesize
8KB

Download
memory/1420-16-0x00007FFFB0190000-0x00007FFFB0192000-memory.dmp

Filesize
8KB

Download
memory/1420-15-0x00007FFFB0180000-0x00007FFFB0182000-memory.dmp

Filesize
8KB

Download
memory/1420-11-0x00007FFFB0140000-0x00007FFFB0142000-memory.dmp

Filesize
8KB

Download
memory/1420-35-0x0000000002050000-0x00000000020D8000-memory.dmp

Filesize
544KB

Download
memory/1420-36-0x00000000020F0000-0x000000000210A000-memory.dmp

Filesize
104KB

Download
memory/1420-23-0x0000000002050000-0x00000000020D8000-memory.dmp

Filesize
544KB

Download
memory/1420-40-0x0000000140000000-0x0000000142211000-memory.dmp

Filesize
34.1MB

Download
memory/1420-29-0x00000000020F0000-0x000000000210A000-memory.dmp

Filesize
104KB

Download
memory/1420-22-0x00007FFFB01F0000-0x00007FFFB01F2000-memory.dmp

Filesize
8KB

Download
memory/1420-37-0x0000000140000000-0x0000000142211000-memory.dmp

Filesize
34.1MB

Download
memory/1420-41-0x0000000140024000-0x0000000140D52000-memory.dmp

Filesize
13.2MB

Download
memory/1420-42-0x0000000140000000-0x0000000142211000-memory.dmp

Filesize
34.1MB

Download