Analysis
max time kernel: 139s
max time network: 139s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 21:25
Static task
static1
Behavioral task
behavioral1
Sample
265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
Target: 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
Size: 1.1MB
MD5: ffa967291fe8f53465e17d7b6b3fa042
SHA1: e2f4dd1b3af908e0367ed4b5ce9237a91a3146a7
SHA256: 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6
SHA512: 81662827c9f7bbe8a745960e455442ac70620cbaac9142536cadda44c4b880bc5c19172d85d69e7bbcf4bdbfd6c2122edb2353ec03805dca3275d46bc8156290
Score
5/10
Malware Config
Signatures
Suspicious use of SetThreadContext 1 IoCs
Processes:
265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
description | pid | process | target process
PID 984 set thread context of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
Suspicious use of WriteProcessMemory 5 IoCs
Processes:
265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
description | pid | process | target process
PID 984 wrote to memory of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
PID 984 wrote to memory of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
PID 984 wrote to memory of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
PID 984 wrote to memory of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
PID 984 wrote to memory of 3796 | 984 | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe | 265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
Processes
C:\Users\Admin\AppData\Local\Temp\265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
"C:\Users\Admin\AppData\Local\Temp\265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
C:\Users\Admin\AppData\Local\Temp\265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe
"C:\Users\Admin\AppData\Local\Temp\265950d1f3298cae2e0203a0b1d43c661e6a7b4a7375227e433e5377d68ce0b6.exe"