Overview

overview

10

Static

static

3

04e16c8555...c8.exe

windows10-ltsc 2021-x64

10

04e16c8555...c8.exe

windows11-21h2-x64

5

Resubmissions

10-11-2024 23:13

241110-27k7lazqcj 10

10-11-2024 23:09

241110-25grdszphn 6

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10-11-2024 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04e16c855515880799c8.exe

  • Size

    8.2MB

  • MD5

    36b488690c9707ce7535f89ecbf494ce

  • SHA1

    eb4ba5cad20093988d2fa1380b157402e4f97717

  • SHA256

    b10c01a7256143b3abb1d6fe2115ecd651fe639bccadaf3dd88d1d68e1bf50c4

  • SHA512

    26c95b5a5a5313575a1237bc66fc2dcb1560f216d54bade0985bcc8ee8df3f80457f3a979d0d1349fc2e14a5e7352c2a1e55f69a1acb5e7fa16da77497c2255d

  • SSDEEP

    196608:hT0JUsBIIbr03TNMM06YxuHCFhIL1yLmj+Bfu0Qgfe/q+MMF1o:x0JU85kD6MFniFs1/jGNKZMMF1o

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Modifies data under HKEY_USERS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe
    "C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:3996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3996-0-0x00000001401A1000-0x000000014068C000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3996-1-0x00007FFEAFBF0000-0x00007FFEAFBF2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3996-3-0x0000000140000000-0x0000000140EBF000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/3996-7-0x0000000140000000-0x0000000140EBF000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/3996-2-0x00007FFEAFC00000-0x00007FFEAFC02000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3996-8-0x0000000140000000-0x0000000140EBF000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/3996-9-0x00000001401A1000-0x000000014068C000-memory.dmp

    Filesize

    4.9MB

    Download

  • memory/3996-10-0x0000000140000000-0x0000000140EBF000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/3996-11-0x0000000140000000-0x0000000140EBF000-memory.dmp

    Filesize

    14.7MB

    Download