Analysis

  • max time kernel
    60s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08-06-2022 22:40

General

  • Target

    16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe

  • Size

    501KB

  • MD5

    365c7943dc2aab5777fbc8a127a5187d

  • SHA1

    08aab407d36826c7dd2036d0cc260907a68cb7a9

  • SHA256

    16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3

  • SHA512

    5cd9f4e9ad28ccce3435efd1bed18a4145a35e42e8f9258e7b5ebf61cb8ef34ea43192c39e4bc6231fa0cd4ca963200aeee62fb19f5016528968aa76a68c260a

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe
    "C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe
      "C:\Users\Admin\AppData\Local\Temp\16ebc150998d18a2f00ba92ff7704d8e3615f6cddf8a48921b678439189a1bd3.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:708
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
        dw20.exe -x -s 772
        3⤵
          PID:1356

Network

MITRE ATT&CK Matrix

Downloads

  • memory/708-62-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/708-65-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/708-73-0x0000000073FD0000-0x000000007457B000-memory.dmp

    Filesize

    5.7MB

  • memory/708-57-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/708-58-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/708-60-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/708-70-0x0000000073FD0000-0x000000007457B000-memory.dmp

    Filesize

    5.7MB

  • memory/708-67-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/784-69-0x0000000073FD0000-0x000000007457B000-memory.dmp

    Filesize

    5.7MB

  • memory/784-54-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

  • memory/784-55-0x0000000073FD0000-0x000000007457B000-memory.dmp

    Filesize

    5.7MB

  • memory/784-56-0x0000000073FD0000-0x000000007457B000-memory.dmp

    Filesize

    5.7MB