Overview

overview

5

Static

static

3

Gen_Spoofer.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    27s
  • max time network
    26s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/09/2024, 10:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Gen_Spoofer.exe

  • Size

    20.5MB

  • MD5

    5d04b8d0e731ebe7be4415026b06f997

  • SHA1

    a215cf1862b8515f75def29f23c10cd56afc5cec

  • SHA256

    236e81a2705d696faed49a7dbc0392198819ffd70417d79e73d1f2359a3b56e4

  • SHA512

    445c8d28eb86a8ce04fde6db8ead60486d727253485dde5192af9dab1ab338554407c650e35fd49381ee6071b5aa8848f36b04dbedaf52f40293016303351b08

  • SSDEEP

    393216:reYQs8eb59i4rRh3rtqGPzcCpNoYYeTvWwWe3inzc35fJYPNK768lz:rlJ88JVVrtqGPzTNYNng3RJn6

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Gen_Spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Gen_Spoofer.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
        PID:2940

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/892-0-0x00007FF6B924B000-0x00007FF6B9B3E000-memory.dmp

            Filesize

            8.9MB

            Download

          • memory/892-1-0x00007FF9F2D50000-0x00007FF9F2D52000-memory.dmp

            Filesize

            8KB

            Download

          • memory/892-2-0x00007FF9F2D60000-0x00007FF9F2D62000-memory.dmp

            Filesize

            8KB

            Download

          • memory/892-3-0x00007FF6B8150000-0x00007FF6BAFBA000-memory.dmp

            Filesize

            46.4MB

            Download

          • memory/892-5-0x00007FF6B8150000-0x00007FF6BAFBA000-memory.dmp

            Filesize

            46.4MB

            Download

          • memory/892-9-0x00007FF6B924B000-0x00007FF6B9B3E000-memory.dmp

            Filesize

            8.9MB

            Download

          • memory/892-10-0x00007FF6B8150000-0x00007FF6BAFBA000-memory.dmp

            Filesize

            46.4MB

            Download