df25322be14f617652607a150c806b4ecb3a3317564755518b8100063b58a50e

General

Target

efdf344f4fdsdff.exe
Size

671KB
MD5

8f62ed60962df60d1d11c6e2a97a3a6e
SHA1

d7a80002dba75d642cd05f094110e147541f2058
SHA256

df25322be14f617652607a150c806b4ecb3a3317564755518b8100063b58a50e
SHA512

3b8b5dcf317eb0a5dd061832fa8bc6eb6b1aa290104423b02c3e9b6cd4a5744c1922010478603b545470f303ee4eb65f17d494a5e222b382cd922a7fd75f7080

Score

8^/10

Malware Config

Signatures

Blacklisted process makes network request 6 IoCs

Processes:

cmd.exe

flow pid process

31 2372 cmd.exe
33 2372 cmd.exe
35 2372 cmd.exe
36 2372 cmd.exe
37 2372 cmd.exe
38 2372 cmd.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

efdf344f4fdsdff.exe

description pid process target process

PID 640 set thread context of 2372 640 efdf344f4fdsdff.exe cmd.exe

flow	pid	process
31	2372	cmd.exe
33	2372	cmd.exe
35	2372	cmd.exe
36	2372	cmd.exe
37	2372	cmd.exe
38	2372	cmd.exe

description	pid	process	target process
PID 640 set thread context of 2372	640	efdf344f4fdsdff.exe	cmd.exe

Suspicious use of WriteProcessMemory 851 IoCs

Processes:

efdf344f4fdsdff.exe

description	pid	process	target process
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe
PID 640 wrote to memory of 2372	640	efdf344f4fdsdff.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\efdf344f4fdsdff.exe
"C:\Users\Admin\AppData\Local\Temp\efdf344f4fdsdff.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:640

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe
2⤵
- Blacklisted process makes network request
PID:2372

C:\Users\Admin\AppData\Local\Temp\efdf344f4fdsdff.exe
C:\Users\Admin\AppData\Local\Temp\efdf344f4fdsdff.exe 3450732249
1⤵
PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/640-0-0x0000000001FB0000-0x0000000001FDC000-memory.dmp

Filesize
176KB

Download
memory/640-1-0x0000000001FE0000-0x000000000200C000-memory.dmp

Filesize
176KB

Download
memory/2372-4-0x00007FF63C300000-0x00007FF63C344000-memory.dmp

Filesize
272KB

Download
memory/2372-5-0x00007FF63C31DA28-mapping.dmp

Download
memory/2372-6-0x00007FF63C300000-0x00007FF63C344000-memory.dmp

Filesize
272KB

Download
memory/3672-3-0x0000000001FF0000-0x000000000201C000-memory.dmp

Filesize
176KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads