Overview

overview

10

Static

static

e2075b32b9...53.exe

windows7_x64

10

e2075b32b9...53.exe

windows10_x64

7

Analysis

  • max time kernel
    11s
  • max time network
    112s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    02-08-2021 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe

  • Size

    220KB

  • MD5

    8ba293749c97cbf48f30f02c66d3406d

  • SHA1

    6a7492a26d0a16320daa2cb187232fc0053f4f5f

  • SHA256

    e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253

  • SHA512

    041e3f65fcb877eb19f5d63cb79d2eb6327ee4b06191a3a4202a736fb6215cd2b2b5c436c081b0165acf2b1b0341c8c551bbf166f8f46ce48fedd7d23ff74049

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe
    "C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe
      "C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3180
      • C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe
        "C:\Users\Admin\AppData\Local\Temp\e2075b32b9716dc41ef667a74c1ae2c2841a5b9fd3046db0bdcd96c581778253.exe"
        3⤵
          PID:3184

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\ athefff3h6266cd5fa708f.tmp
      MD5

      79460e0544e0dffe86dd51bba404a2d3

      SHA1

      ed294e22259f0de6bac6dd7a701b19b3cdcda900

      SHA256

      2afd890122bba0eed6193476d04266b4a5b7a4de53cb514bd9eaf4243d9fc973

      SHA512

      e2511bcc767b9ea93d378aa5d3d81a08d39701e9920019c9125bed88cde1de02bfabd8a5242710e86b4d20a75a65607de442772753ab47230dea4a9ba36f563a

      Download Submit
    • \Users\Admin\AppData\Local\Temp\ athefff3h6266cd5fa708f.tmp
      MD5

      79460e0544e0dffe86dd51bba404a2d3

      SHA1

      ed294e22259f0de6bac6dd7a701b19b3cdcda900

      SHA256

      2afd890122bba0eed6193476d04266b4a5b7a4de53cb514bd9eaf4243d9fc973

      SHA512

      e2511bcc767b9ea93d378aa5d3d81a08d39701e9920019c9125bed88cde1de02bfabd8a5242710e86b4d20a75a65607de442772753ab47230dea4a9ba36f563a

      Download Submit
    • memory/3180-115-0x0000000000400000-0x0000000000428000-memory.dmp
      Filesize

      160KB

      Download
    • memory/3180-116-0x000000000040258C-mapping.dmp
      Download
    • memory/3180-117-0x0000000000400000-0x0000000000428000-memory.dmp
      Filesize

      160KB

      Download
    • memory/3184-118-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download
    • memory/3184-119-0x0000000000413CB7-mapping.dmp
      Download
    • memory/3184-121-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download