Resubmissions

31/10/2024, 06:08

241031-gv683ssard 8

31/10/2024, 05:56

241031-gm4g8asbmn 5

31/10/2024, 05:55

241031-gmjstasbln 5

Analysis

  • max time kernel
    97s
  • max time network
    208s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  • submitted
    31/10/2024, 05:56

General

  • Target

    artifact.exe

  • Size

    12.4MB

  • MD5

    d5f1f49da304a6471279d0427df47b10

  • SHA1

    270ccd40ec7280d081df2a54ab7315ada5cb0a07

  • SHA256

    166da15b42a0184c5375be94ab1180052eaf08eb09cb1af406329d96f542d75f

  • SHA512

    793f5fbb0ba4beabb6affceac4d28e68a3484c70f75344cc4ec835c66f0946d3755e7c645d55b252ae819f6df72dc8674b2f2a77371cc2701a8287cb56e2ce60

  • SSDEEP

    393216:npPpFTO4wV4fq3jqkbrba+ppiQqKY3qz:npPpFTO4wOfq3mkHu+pthY3qz

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\artifact.exe
    "C:\Users\Admin\AppData\Local\Temp\artifact.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:6024

Network

        MITRE ATT&CK Matrix

        Downloads

        • memory/6024-0-0x0000000000405000-0x0000000000B66000-memory.dmp

          Filesize

          7.4MB

        • memory/6024-2-0x00007FF851640000-0x00007FF851642000-memory.dmp

          Filesize

          8KB

        • memory/6024-1-0x00007FF851630000-0x00007FF851632000-memory.dmp

          Filesize

          8KB

        • memory/6024-3-0x0000000000400000-0x00000000017D0000-memory.dmp

          Filesize

          19.8MB

        • memory/6024-4-0x0000000000400000-0x00000000017D0000-memory.dmp

          Filesize

          19.8MB

        • memory/6024-5-0x0000000000405000-0x0000000000B66000-memory.dmp

          Filesize

          7.4MB

        • memory/6024-6-0x0000000000400000-0x00000000017D0000-memory.dmp

          Filesize

          19.8MB