a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0

General

Target

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
Size

310KB
MD5

bd9e419360550db5ceff51962804d0b8
SHA1

574c06a9ab4a4ce1daaa5c51e9051a4552cbd8a3
SHA256

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0
SHA512

9b9dd83a71a7999474d1b44da511de4a314b6d4a11b40b0ee8ac174db0b8d38d45da9282e771f18676667be9a701da619aa7fcecede8399e4ac2c4770380e814

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

pid process

2060

pid	process
2060

Suspicious use of SetThreadContext 1 IoCs

Processes:

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

description	pid	process	target process
PID 3588 set thread context of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

pid	process
3596	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
3596	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060
2060

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

pid process

2060
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

pid process

3596 a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

pid	process
2060

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

description	pid	process	target process
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
PID 3588 wrote to memory of 3596	3588	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe	a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe

C:\Users\Admin\AppData\Local\Temp\a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
"C:\Users\Admin\AppData\Local\Temp\a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3588

C:\Users\Admin\AppData\Local\Temp\a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe
"C:\Users\Admin\AppData\Local\Temp\a3d8d60cba9b80fcaa41fe593da0eb79775efe649fa25bfcecd5fcf0e2afc7e0.exe"
2⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:3596

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3588-116-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-117-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-118-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-119-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-120-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-121-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-122-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-123-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-124-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-125-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-126-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-127-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-128-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-129-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-130-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-131-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-132-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-133-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-134-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-135-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-136-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-138-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-139-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-140-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-141-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-142-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-143-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-144-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3588-149-0x0000000002850000-0x0000000002859000-memory.dmp

Filesize
36KB

Download
memory/3596-148-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-163-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-147-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-146-0x0000000000402DD8-mapping.dmp

Download
memory/3596-145-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3596-151-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-152-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-153-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-154-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-155-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-157-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-158-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-159-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-156-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-160-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-161-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-162-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-150-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-164-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-166-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-165-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-167-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-168-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-169-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-170-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-171-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-172-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3596-173-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-174-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-175-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-176-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-177-0x00000000770F0000-0x000000007727E000-memory.dmp

Filesize
1.6MB

Download
memory/3596-178-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads