Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 11-01-2021 07:08
Static task
static1
Behavioral task
behavioral1
Sample
Scan_order.scr
Resource
win7v20201028
0 signatures
0 seconds
General
- Target: Scan_order.scr
- Size: 76KB
- MD5: 04be7ed51e345a56403df4657b376990
- SHA1: 44f5fdf6902d114524afc110cd927f95f72903fa
- SHA256: ab77af2c0fe4a39b3e2ec7b7450ef36999baf7c66316f4b3934d5a60e124d50c
- SHA512: 0b71a26ad38bbc0c1fb37854f636125012cfa6177afa1de4291756e5bdbe3bc07df157a1eb4ba7c3ee82055ece44ec21157ff14a6d66df14b0a720ad410afd21
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
- Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
  Processes: Scan_order.scr, ieinstal.exe
  pid   process
  972   Scan_order.scr
  2752  ieinstal.exe
  2752  ieinstal.exe
- Suspicious use of SetThreadContext (1 IoCs)
  Processes: Scan_order.scr
  description                         pid  process         target process
  PID 972 set thread context of 2752  972  Scan_order.scr  ieinstal.exe
- Suspicious behavior: MapViewOfSection (2 IoCs)
  Processes: Scan_order.scr
  pid  process
  972  Scan_order.scr
  972  Scan_order.scr
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes: Scan_order.scr, ieinstal.exe
  pid   process
  972   Scan_order.scr
  2752  ieinstal.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: Scan_order.scr
  description                      pid  process         target process
  PID 972 wrote to memory of 2724  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2724  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2724  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2752  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2752  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2752  972  Scan_order.scr  ieinstal.exe
  PID 972 wrote to memory of 2752  972  Scan_order.scr  ieinstal.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Scan_order.scr
  "C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\internet explorer\ieinstal.exe
    "C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S
  - C:\Program Files (x86)\internet explorer\ieinstal.exe
    "C:\Users\Admin\AppData\Local\Temp\Scan_order.scr" /S
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of SetWindowsHookEx