Overview

overview

10

Static

static

2a59d23966...08.exe

windows7_x64

10

2a59d23966...08.exe

windows10_x64

5

Analysis

  • max time kernel
    72s
  • max time network
    74s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    17-09-2021 21:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a59d2396654692dc87a81df7554b608.exe

  • Size

    433KB

  • MD5

    2a59d2396654692dc87a81df7554b608

  • SHA1

    a545b6bc8ab5afd12feb22686af50f4075fb61cd

  • SHA256

    04e98a900ca361b68ebcfbad6453ddc626d93c8afb13916c18dd0e9648187566

  • SHA512

    a612f5fe059baf09f6aa30c7a41c9c00d225f326d5d6a10476aa1969c2e0ce3c39986b519ff77be787a61695d71e2fc18766ea9f93509332096c0d7e613cbea8

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a59d2396654692dc87a81df7554b608.exe
    "C:\Users\Admin\AppData\Local\Temp\2a59d2396654692dc87a81df7554b608.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:664
    • C:\Users\Admin\AppData\Local\Temp\2a59d2396654692dc87a81df7554b608.exe
      "C:\Users\Admin\AppData\Local\Temp\2a59d2396654692dc87a81df7554b608.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/608-115-0x00000000003BD0B0-mapping.dmp
    Download
  • memory/608-116-0x0000000000AB0000-0x0000000000DD0000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/664-114-0x0000000000D70000-0x0000000000E1E000-memory.dmp
    Filesize

    696KB

    Download