Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
30-06-2024 15:22
General
-
Target
7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe
-
Size
5.0MB
-
MD5
dbfc5d7fc5da0a846a3f50a7b42c7b45
-
SHA1
9d39d4649b8541d3784110d15765cf008e99f014
-
SHA256
7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1
-
SHA512
1dcff70a8e33c1ccf03c81c6c7ad803030614ab65e0a700b256962d09028d9d73c90d48ab4fb80ee58d8fab2ee954774520b8bd22352c18c0cd82f72b4ba02ba
-
SSDEEP
98304:GBT7X6fsUaOr9yx2ho9jAjksc7a5o0KSB4eoznxFVuy:YTL1Uaa+ioZpG0S4z
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe"C:\Users\Admin\AppData\Local\Temp\7fe16efb0990ef8c3ad675d40a9ae800f2a8ea973631caa89bac18e73a1778b1.exe"1⤵
- Drops file in Drivers directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c cacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cacls.execacls.exe c:\windows\system32\drivers\etc\hosts /e /t /p everyone:F3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\c:\windows\system32\drivers\etc\hostsFilesize
732B
MD5a10c96ee18298bda150c23034adb223a
SHA1b117771cd2ccf45319ea915ad903a82e454b923b
SHA256144e11750b729a052d232218bc0c22aa2e6a31fc43e161d8f9e257066f5de5d6
SHA5121eb27def48b0f57b53c34e88f294842fb4c970a81e7ad55e7bfa718a98bc0792a5e23eaeaa250dc126d12ae2d39c3fffaaffd6eba3c65d11fd31a359bf6fc61d
-
memory/1392-3-0x0000000001120000-0x0000000001121000-memory.dmpFilesize
4KB
-
memory/1392-7-0x0000000001150000-0x0000000001151000-memory.dmpFilesize
4KB
-
memory/1392-6-0x00000000006AD000-0x0000000000922000-memory.dmpFilesize
2.5MB
-
memory/1392-5-0x0000000001140000-0x0000000001141000-memory.dmpFilesize
4KB
-
memory/1392-4-0x0000000001130000-0x0000000001131000-memory.dmpFilesize
4KB
-
memory/1392-1-0x0000000000FD0000-0x0000000000FD1000-memory.dmpFilesize
4KB
-
memory/1392-2-0x0000000001110000-0x0000000001111000-memory.dmpFilesize
4KB
-
memory/1392-8-0x0000000000400000-0x0000000000E1B000-memory.dmpFilesize
10.1MB
-
memory/1392-11-0x0000000010000000-0x0000000010018000-memory.dmpFilesize
96KB
-
memory/1392-12-0x0000000000400000-0x0000000000E1B000-memory.dmpFilesize
10.1MB
-
memory/1392-0-0x0000000000FC0000-0x0000000000FC1000-memory.dmpFilesize
4KB
-
memory/1392-15-0x00000000006AD000-0x0000000000922000-memory.dmpFilesize
2.5MB
-
memory/1392-16-0x0000000000400000-0x0000000000E1B000-memory.dmpFilesize
10.1MB