Analysis
  max time kernel:  68s
  max time network: 124s
  platform:         windows10_x64
  resource:         win10-en-20211014
  submitted:        19-11-2021 03:08
Static task: static1

Behavioral task: behavioral1
  Sample:   2d.exe
  Resource: win7-en-20211104 (windows7_x64)
  0 signatures, 0 seconds

Behavioral task: behavioral2
  Sample:   2d.exe
  Resource: win10-en-20211014 (windows10_x64)
  0 signatures, 0 seconds
General
  Target: 2d.exe
  Size:   148KB
  MD5:    38b50102f941b4f4cba161408cf20933
  SHA1:   a734a5bd0bf36f205baaa37a4ae84b21eca6b173
  SHA256: 8b1177549a1f4a0e47acd8ec77bf670ee18efb9f2c18747e460bd8924d5a2024
  SHA512: 25b513c41662ee4236baae15db95e25ea8defd4483c2d819047e0978253906b355f2f2425f7f4ea6e97994b0a83eb062c772578f24f94c32ad90578b6f2583cd
  Score:  5/10
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoCs)
  Processes:
    description                           pid   process  target process
    PID 3036 set thread context of 3444   3036  2d.exe   2d.exe

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes:
    pid   process
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe
    3444  2d.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
    pid   process
    3036  2d.exe

Suspicious use of WriteProcessMemory (10 IoCs)
  Processes:
    description                        pid   process  target process
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
    PID 3036 wrote to memory of 3444   3036  2d.exe   2d.exe
Processes

[depth 1] C:\Users\Admin\AppData\Local\Temp\2d.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2d.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  [depth 2] C:\Users\Admin\AppData\Local\Temp\2d.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2d.exe"
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
  memory/3036-115-0x00000000005A0000-0x00000000005A6000-memory.dmp   Filesize: 24KB
  memory/3036-116-0x00000000005A0000-0x00000000005AA000-memory.dmp   Filesize: 40KB
  memory/3444-117-0x0000000000400000-0x000000000041F000-memory.dmp   Filesize: 124KB
  memory/3444-118-0x000000000040522B-mapping.dmp
  memory/3444-119-0x0000000000400000-0x000000000041F000-memory.dmp   Filesize: 124KB