b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69 | Triage

Analysis

max time kernel
3s
max time network
40s
platform
windows7_x64
resource
win7v20210410
submitted
11-08-2021 19:37

Sharing

Report Analysis Logs

General

Target

753C707E47BCE65D32BE781EA1584E0B.exe
Size

84KB
MD5

753c707e47bce65d32be781ea1584e0b
SHA1

7b43f6a910b01553dfae51560570365e3ce9ed42
SHA256

b1c0e35f47273a236518f43ee56c0367d8b423ca9ed8f9e7ad4a875caa47bb69
SHA512

8afc2ebbc80e17e42317202e9479e0c223456cf9f0b22ccdf9fe486eff19ebf9a33a2e00c01aa81168d4ad9950c34c8d78dc2f5821702fe61874221088d3cdda

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

753C707E47BCE65D32BE781EA1584E0B.exe

description pid process target process

PID 1080 set thread context of 1484 1080 753C707E47BCE65D32BE781EA1584E0B.exe 753C707E47BCE65D32BE781EA1584E0B.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

753C707E47BCE65D32BE781EA1584E0B.exe

description pid process

Token: SeDebugPrivilege 1080 753C707E47BCE65D32BE781EA1584E0B.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

753C707E47BCE65D32BE781EA1584E0B.exe

description	pid	process	target process
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe
PID 1080 wrote to memory of 1484	1080	753C707E47BCE65D32BE781EA1584E0B.exe	753C707E47BCE65D32BE781EA1584E0B.exe

C:\Users\Admin\AppData\Local\Temp\753C707E47BCE65D32BE781EA1584E0B.exe
"C:\Users\Admin\AppData\Local\Temp\753C707E47BCE65D32BE781EA1584E0B.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Users\Admin\AppData\Local\Temp\753C707E47BCE65D32BE781EA1584E0B.exe
  C:\Users\Admin\AppData\Local\Temp\753C707E47BCE65D32BE781EA1584E0B.exe
  2⤵
  PID:1484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1080-59-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1080-60-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/1484-62-0x00000000004070CE-mapping.dmp

Download