fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a

General

Target

fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
Size

3.6MB
MD5

e880294733cb720e113d9bed9c48f3b2
SHA1

fd0941d7360db65a3c2e2d2978d7c5885decacf6
SHA256

fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a
SHA512

7ef32ddd04d4246b1bd2d79f7066b72add5d02b17aea61d30d58f65fcab4e8adf48f67e7cb7aa1dc972c6689e57a6db14078453605e902d769558d72da63b0bb
SSDEEP

49152:5vYrApk3tq9vR0p9SIaETUGurzBajpTCJtoKLKMwbONOCKAVnIhQLy7+ENQSIpaS:5vGkk9q9vuqyUGpuKqqARlOwSIpa

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
2640	fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe

C:\Users\Admin\AppData\Local\Temp\fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe
"C:\Users\Admin\AppData\Local\Temp\fb4797d4741a387e8746a6a698c32d279b115685a2a276f6345d52eb2729766a.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2640-0-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-1-0x00007FF4D44F0000-0x00007FF4D48C1000-memory.dmp

Filesize
3.8MB

Download
memory/2640-3-0x00007FFCF728D000-0x00007FFCF728E000-memory.dmp

Filesize
4KB

Download
memory/2640-5-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-2-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-4-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-6-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-7-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-8-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-10-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-11-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-9-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-12-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-13-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-15-0x00007FFCF71F0000-0x00007FFCF73E5000-memory.dmp

Filesize
2.0MB

Download
memory/2640-14-0x00007FF4D44F0000-0x00007FF4D48C1000-memory.dmp

Filesize
3.8MB

Download
memory/2640-17-0x000000001FC10000-0x0000000020367000-memory.dmp

Filesize
7.3MB

Download
memory/2640-16-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-18-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-20-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-22-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-24-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-26-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-28-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-30-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-32-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-34-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-36-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-38-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-40-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download
memory/2640-42-0x00000000005F0000-0x0000000001514000-memory.dmp

Filesize
15.1MB

Download

Analysis

Sharing