Analysis
  max time kernel:   134s
  max time network:  131s
  platform:          windows10-2004_x64
  resource:          win10v2004-20240802-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         19/08/2024, 11:37
Static task
  static1

Behavioral tasks
  task         sample        resource
  behavioral1  DuiLib64.dll  win7-20240729-en
  behavioral2  DuiLib64.dll  win10v2004-20240802-en
  behavioral3  RC.exe        win7-20240705-en
  behavioral4  RC.exe        win10v2004-20240802-en
  behavioral5  config.exe    win7-20240729-en
  behavioral6  config.exe    win10v2004-20240802-en
  behavioral7  http.dll      win7-20240704-en
  behavioral8  http.dll      win10v2004-20240802-en
General
  Target:  config.exe
  Size:    1.1MB
  MD5:     fa24a03ef43419c0d6c722869970020e
  SHA1:    145686908842efab60d1c178103d77b314e3560f
  SHA256:  5318221ef1e8c1a309149d5c2697a35738c739c99e68bd1abfbd9af248bef436
  SHA512:  94293bea498d63a588b0a289b5053db8ebfd66504dd8fe60c4ed2c6a8f01b51920a6c2ca7d2a2ccfc3040cd8054d328a606f96ff72eb168f8aca80e147914c0e
  SSDEEP:  24576:DmTx63e1uLV4XTN0uCNln2dhIz9QkZrcwI0jdnJsmcKR:DmNY3VKyuAV6hE9QEIWsmcO
Malware Config

Signatures
  Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
    pid   Process
    2272  config.exe

  Suspicious behavior: EnumeratesProcesses (64 IoCs; every one of the 64 entries is pid 2272, config.exe)
    pid   Process
    2272  config.exe

  Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description               pid   Process
    Token: SeDebugPrivilege   2272  config.exe
    Token: SeDebugPrivilege   2272  config.exe
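The Signatures block above is printed as one flattened line per signature (a column header followed by the IoC rows run together), which is awkward to ingest into a triage pipeline. The following parser is an added example, not part of the sandbox report or of the sample: it reads that flattened layout back into structured records, checks each declared IoC count against the rows actually present, and pulls out the behaviours an analyst keys on here (the ThreadHideFromDebugger anti-debug call, process enumeration, and the SeDebugPrivilege token request). The input text is constructed from the report's own lines; the 64-row EnumeratesProcesses list is reproduced programmatically rather than pasted.

```python
"""Parse the flattened 'Signatures' section of a sandbox report into
structured IoC records and summarise the behaviours it reports.

Added example (not from the report). SIGNATURE_BLOCK is constructed from
the report's Signatures lines; the 64 identical EnumeratesProcesses rows
are generated rather than pasted.
"""
import re
from collections import Counter

# Constructed input: header line, then one line of flattened IoC columns,
# exactly the shape the report page uses.
SIGNATURE_BLOCK = (
    "Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs\n"
    "pid Process 2272 config.exe\n"
    "Suspicious behavior: EnumeratesProcesses 64 IoCs\n"
    "pid Process " + " ".join(["2272 config.exe"] * 64) + "\n"
    "Suspicious use of AdjustPrivilegeToken 2 IoCs\n"
    "description pid Process Token: SeDebugPrivilege 2272 config.exe "
    "Token: SeDebugPrivilege 2272 config.exe\n"
)

# "<signature name> <N> IoCs"
HEADER_RE = re.compile(r"^(?P<name>.+?) (?P<count>\d+) IoCs?$")
# Row layouts seen in the report: "pid Process <pid> <proc> ..." and
# "description pid Process Token: <priv> <pid> <proc> ..."
PID_ROW_RE = re.compile(r"(\d+) (\S+)")
TOKEN_ROW_RE = re.compile(r"Token: (\S+) (\d+) (\S+)")


def parse_rows(row):
    """Split one flattened IoC line into dicts of {token, pid, process}."""
    if row.startswith("description pid Process"):
        body = row[len("description pid Process"):].strip()
        return [{"token": tok, "pid": int(pid), "process": proc}
                for tok, pid, proc in TOKEN_ROW_RE.findall(body)]
    if row.startswith("pid Process"):
        body = row[len("pid Process"):].strip()
        return [{"token": None, "pid": int(pid), "process": proc}
                for pid, proc in PID_ROW_RE.findall(body)]
    raise ValueError(f"unknown IoC row layout: {row[:40]!r}")


def parse_signatures(text):
    """Return [{name, declared_count, iocs}] for each signature in the block."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    sigs = []
    for i in range(0, len(lines), 2):
        m = HEADER_RE.match(lines[i])
        if not m:
            raise ValueError(f"expected signature header, got: {lines[i]!r}")
        row = lines[i + 1] if i + 1 < len(lines) else ""
        sigs.append({"name": m.group("name"),
                     "declared_count": int(m.group("count")),
                     "iocs": parse_rows(row)})
    return sigs


def summarize(sigs):
    """Cross-check declared counts and flag the behaviours of interest."""
    summary = {"count_mismatch": [], "pids": Counter(), "privileges": set(),
               "anti_debug": False, "enumerates_processes": False}
    for s in sigs:
        if s["declared_count"] != len(s["iocs"]):
            summary["count_mismatch"].append(s["name"])
        for ioc in s["iocs"]:
            summary["pids"][(ioc["pid"], ioc["process"])] += 1
            if ioc["token"]:
                summary["privileges"].add(ioc["token"])
        if "HideFromDebugger" in s["name"]:
            summary["anti_debug"] = True
        if "EnumeratesProcesses" in s["name"]:
            summary["enumerates_processes"] = True
    return summary


if __name__ == "__main__":
    parsed = parse_signatures(SIGNATURE_BLOCK)
    for s in parsed:
        print(f"{s['name']}: {len(s['iocs'])} IoCs (declared {s['declared_count']})")
    print(summarize(parsed))
```

Run against the report text, all three declared counts match the rows present, every IoC belongs to the single process 2272 (config.exe), and the only privilege requested is SeDebugPrivilege; a mismatch in `count_mismatch` would indicate the page extraction truncated a row list.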