Overview

overview

5

Static

static

296968fa47...a5.exe

windows7_x64

5

296968fa47...a5.exe

windows10_x64

5

Analysis

  • max time kernel
    5s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    19-07-2021 13:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    296968fa478ce8b4832446c33afc37a5.exe

  • Size

    54KB

  • MD5

    296968fa478ce8b4832446c33afc37a5

  • SHA1

    b8331521ad1beb8814c5b50d9e16430440bb2947

  • SHA256

    d7854719c33f72a1afa0c562bdf44a8941b4017fbe90a215636aad91d1bf4f10

  • SHA512

    e0eb126fae4a10f8bde0e684429a77739676c2a54ac9db313376e8e4335bc157523dc4b2781fd663cbf03ca92572308ab1a5e949d443a18d14da579bf9cc3e4d

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
    "C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
      C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
      2⤵
        PID:1608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1608-63-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1608-65-0x00000000765F1000-0x00000000765F3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1608-66-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2028-60-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2028-62-0x0000000004A20000-0x0000000004A21000-memory.dmp

      Filesize

      4KB

      Download