Overview

overview

8

Static

static

3

file.exe

windows7-x64

8

file.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    513KB

  • Sample

    240906-g67nzs1cmn

  • MD5

    24d4de7a804e44b43ee293956d95dc67

  • SHA1

    d9640dc6ce7eb3fd177e3365079f29871788575c

  • SHA256

    5a47bd114995212a9166e197e412736b01ed55036a580b0cf0622622b030ae5f

  • SHA512

    337dd06a4060142313bc6bf7bba1874f976b04997b4d9e60ca2f6f84e44973ae9f24c9fb4bc20e735c48b01e46c1dafd8154f169fad2c6757c45a286f668a0c2

  • SSDEEP

    12288:WQFk0OkQKiNU3oYb/dejj6PVGHyu0u0+RlBbK3Q:W/PYpejj6PVYyuv0+RlBbH

Score
8/10
discoveryexecution

Malware Config

Targets

    • Target

      file.exe

    • Size

      513KB

    • MD5

      24d4de7a804e44b43ee293956d95dc67

    • SHA1

      d9640dc6ce7eb3fd177e3365079f29871788575c

    • SHA256

      5a47bd114995212a9166e197e412736b01ed55036a580b0cf0622622b030ae5f

    • SHA512

      337dd06a4060142313bc6bf7bba1874f976b04997b4d9e60ca2f6f84e44973ae9f24c9fb4bc20e735c48b01e46c1dafd8154f169fad2c6757c45a286f668a0c2

    • SSDEEP

      12288:WQFk0OkQKiNU3oYb/dejj6PVGHyu0u0+RlBbK3Q:W/PYpejj6PVYyuv0+RlBbH

    Score
    8/10
    discoveryexecution

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks