4639173bfdc5b0702df9a307a2de81d7973b0e2196c7ba07f5ff02ec3be3beec | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7v20210408
submitted
21-07-2021 20:45

Sharing

Report Analysis Logs

General

Target

77f2cba48c800cf3c24b14a60168158a.exe
Size

1.1MB
MD5

77f2cba48c800cf3c24b14a60168158a
SHA1

00a705f2443da3e5e030e78eea308ef96997f3f5
SHA256

4639173bfdc5b0702df9a307a2de81d7973b0e2196c7ba07f5ff02ec3be3beec
SHA512

2960df19449598ec788cd37bf731110da505b1e3ff0fb7a5a33b0b355df53c3a73f703bff33649d0570c2cd78ea8cac696f2d5491d2957d3666d7893392f8ff2

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

77f2cba48c800cf3c24b14a60168158a.exe

description pid process target process

PID 1924 set thread context of 1236 1924 77f2cba48c800cf3c24b14a60168158a.exe 77f2cba48c800cf3c24b14a60168158a.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

77f2cba48c800cf3c24b14a60168158a.exe

description	pid	process	target process
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe
PID 1924 wrote to memory of 1236	1924	77f2cba48c800cf3c24b14a60168158a.exe	77f2cba48c800cf3c24b14a60168158a.exe

C:\Users\Admin\AppData\Local\Temp\77f2cba48c800cf3c24b14a60168158a.exe
"C:\Users\Admin\AppData\Local\Temp\77f2cba48c800cf3c24b14a60168158a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\77f2cba48c800cf3c24b14a60168158a.exe
  "C:\Users\Admin\AppData\Local\Temp\77f2cba48c800cf3c24b14a60168158a.exe"
  2⤵
  PID:1236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1236-60-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1236-61-0x000000000044003F-mapping.dmp

Download
memory/1236-62-0x0000000076691000-0x0000000076693000-memory.dmp

Filesize
8KB

Download
memory/1236-63-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download