Analysis
-
max time kernel
7s -
max time network
9s -
platform
windows11-21h2_x64 -
resource
win11-20240611-en -
resource tags
-
submitted
30-06-2024 17:10
General
-
Target
d014-9a13-4c86.exe
-
Size
17.9MB
-
MD5
32cfd0d80dbf54fb63c6dd5fd84b517d
-
SHA1
9aa2737687ba0b936169a021e70f9848422b376b
-
SHA256
af2022deb3462d47b4025847e614115f08b376371d2dfc9d8dcb78e8e174f214
-
SHA512
4ffa13249e572d90566dc8bb1fed283e3e9b4cca52d6d81eafdfec2e0908a91e0d4ad750bbe42781e151e6b806bb5078a436f074d1bc4b0cef76e059d7ee7b72
-
SSDEEP
393216:M+toHd5NJJl/Iu3MrNu6bC49N+ggHXxodvet/UfCZ6NoL:Mrd5zJl/Iu3MrNtb9+ggHXxEvetcKQNs
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d014-9a13-4c86.exe"C:\Users\Admin\AppData\Local\Temp\d014-9a13-4c86.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/864-0-0x0000000140319000-0x000000014122D000-memory.dmpFilesize
15.1MB
-
memory/864-2-0x00007FFE39300000-0x00007FFE39302000-memory.dmpFilesize
8KB
-
memory/864-1-0x00007FFE392F0000-0x00007FFE392F2000-memory.dmpFilesize
8KB
-
memory/864-7-0x0000000140000000-0x0000000142417000-memory.dmpFilesize
36.1MB
-
memory/864-8-0x0000000140319000-0x000000014122D000-memory.dmpFilesize
15.1MB
-
memory/864-9-0x0000000140000000-0x0000000142417000-memory.dmpFilesize
36.1MB