Analysis
max time kernel: 149s
max time network: 157s
platform: windows7_x64
resource: win7
submitted: 29-06-2020 07:30
Static task: static1
Behavioral task: behavioral1
  Sample: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
  Resource: win10v200430 (windows10_x64)
  0 signatures, 0 seconds
General
Target: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
Size: 254KB
MD5: def723df50f19b499ec3dada4f8f0eec
SHA1: f2ee1e0bc1a6bb844068bf38219249fdc9149670
SHA256: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d
SHA512: 38f988602054e32d1675bae1d124dc2074a25a2c932d2d5d65108f56dfa9099719def36f8ef11792c43dff2bbc6e00563669c6b677ca3e3c1260034dc90f7ca4
Score: 5/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory 18 IoCs
Processes: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe, ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
description | pid | process | target process
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1376 wrote to memory of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe
PID 1424 wrote to memory of 1000 | 1424 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | cmd.exe

Suspicious use of SetThreadContext 1 IoCs
Processes: ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
description | pid | process | target process
PID 1376 set thread context of 1424 | 1376 | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe | ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe "C:\Users\Admin\AppData\Local\Temp\ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe"
   - Suspicious use of WriteProcessMemory
   - Suspicious use of SetThreadContext
   2. C:\Users\Admin\AppData\Local\Temp\ea8b31057b96e014214275c5de49dd66c22ac523098100b6ec624384a2f9b35d.exe "{path}"
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe"
Network
MITRE ATT&CK Matrix
Downloads
memory/1000-3-0x0000000000000000-mapping.dmp
memory/1000-4-0x0000000000130000-0x0000000000131000-memory.dmp (Filesize 4KB)
memory/1000-5-0x0000000000000000-mapping.dmp
memory/1424-0-0x0000000000400000-0x0000000000553000-memory.dmp (Filesize 1.3MB)
memory/1424-1-0x0000000000405907-mapping.dmp
memory/1424-2-0x0000000000400000-0x0000000000553000-memory.dmp (Filesize 1.3MB)