d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951

Analysis

max time kernel
143s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 12:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
Size

7.2MB
MD5

acd3a3fcfd3b65e6b705b9087a07663d
SHA1

52424c660cd277697f45d7157ac99e14ea7f7f62
SHA256

d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951
SHA512

3af626c8e23a70b2b2114ae379d55d5ad19b4dee133a1e5dbde30ff9272a79b7f922a96792dfd5fc2341b125ebdb5947fdd4a4e515f0f1c6e4cb53be170bbd07
SSDEEP

98304:4ltqp9uwQRZ/tQ/ykxuHIDQvCn2RC5nOo9RFqf+Qz03XwfF1gXnMKk0:ity9uZRZxW+LCn6C5Oo9TqmY03XweMS

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1848	d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe

C:\Users\Admin\AppData\Local\Temp\d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe
"C:\Users\Admin\AppData\Local\Temp\d049cf5eba347383b765fa5283d7488b264e3b934079b73c446a730fe3391951.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1848-0-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-1-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/1848-3-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-6-0x0000000077990000-0x00000000779A0000-memory.dmp

Filesize
64KB

Download
memory/1848-2-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-4-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-7-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/1848-5-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-8-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-10-0x000007FFFFBD0000-0x000007FFFFFA1000-memory.dmp

Filesize
3.8MB

Download
memory/1848-9-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-11-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/1848-12-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-14-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-15-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-16-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-17-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-18-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-19-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-20-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-21-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-22-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-23-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download
memory/1848-24-0x000000013F3F0000-0x0000000140960000-memory.dmp

Filesize
21.4MB

Download