Analysis

max time kernel: 150s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-08-2024 17:17

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: bJeu73V3Z2.exe
Resource: win10v2004-20240802-en (windows10-2004-x64)
3 signatures
150 seconds

General

Target: bJeu73V3Z2.exe
Size: 5.6MB
MD5: 56e3e9a636b9694f8dad8be266941e41
SHA1: 303bd579868acab369d5c9d7f8dbac027b1e6400
SHA256: 799150a14a7a7d8e95d7dbd96cb6c9b182d884438aae8d4366f286e192205fc3
SHA512: 504b2f7e568cf7dd96154d1e4daf7b6b1609d0bdeefc4798f4f80f665fe2fbee7c684869ac23dea6959735c6976455406f745a374edbd4d9d0d520e38de478fd
SSDEEP: 98304:yVQ/sE5eEN5swAz1+SSWXoaR+di+2SLM1ypAiyJJN0HrrsTSFae5RU/X:EQ/LEEkwO1VYq+divWMkpenNwxXO
Score: 5/10
Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
pid   Process
64    bJeu73V3Z2.exe
64    bJeu73V3Z2.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
64    bJeu73V3Z2.exe   (this identical row is listed 64 times in the report)

Suspicious use of WriteProcessMemory (10 IoCs)
description                        pid    Process          procid_target
PID 64 wrote to memory of 2372     64     bJeu73V3Z2.exe   86
PID 64 wrote to memory of 2372     64     bJeu73V3Z2.exe   86
PID 2372 wrote to memory of 2144   2372   cmd.exe          87
PID 2372 wrote to memory of 2144   2372   cmd.exe          87
PID 2372 wrote to memory of 4980   2372   cmd.exe          88
PID 2372 wrote to memory of 4980   2372   cmd.exe          88
PID 2372 wrote to memory of 5060   2372   cmd.exe          89
PID 2372 wrote to memory of 5060   2372   cmd.exe          89
PID 64 wrote to memory of 4860     64     bJeu73V3Z2.exe   93
PID 64 wrote to memory of 4860     64     bJeu73V3Z2.exe   93
Processes

1. C:\Users\Admin\AppData\Local\Temp\bJeu73V3Z2.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\bJeu73V3Z2.exe"
   PID: 64
   - Suspicious use of NtSetInformationThreadHideFromDebugger
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\bJeu73V3Z2.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      PID: 2372
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\system32\certutil.exe
         Command line: certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\bJeu73V3Z2.exe" MD5
         PID: 2144

      3. C:\Windows\system32\find.exe
         Command line: find /i /v "md5"
         PID: 4980

      3. C:\Windows\system32\find.exe
         Command line: find /i /v "certutil"
         PID: 5060

   2. C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c CLS
      PID: 4860