6f001ffcf01b277bd49340fcf6dfaeaa8248bca8e6d9096caf1630e809d6bd17 | Triage

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
15/09/2022, 23:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.7MB
MD5

d2e0cb24fce237ce0feba8dbaed2320c
SHA1

6b9f608f4dc210259f513eda063244d68c6d21e2
SHA256

6f001ffcf01b277bd49340fcf6dfaeaa8248bca8e6d9096caf1630e809d6bd17
SHA512

1725c49f821aa7c8e64532dcf428c6d550d6624dcce3057c8b1b06a1465caf0b134b4b016dd7ecfb8dba7e9004874568ddbb2871e1ab26fdc01bde3b6d09ceb8
SSDEEP

24576:7kpfXYUYPyKP20MKYl5f8oA+NAXSGV6b6KJ2weHS1MLCSAxl7GYzLHEE/UbP0p5:opuwNAXfQEw6spl75T/UT0T

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3700 set thread context of 100176	3700	file.exe	81

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 100176	3700	file.exe	81
PID 3700 wrote to memory of 100176	3700	file.exe	81
PID 3700 wrote to memory of 100176	3700	file.exe	81
PID 3700 wrote to memory of 100176	3700	file.exe	81
PID 3700 wrote to memory of 100176	3700	file.exe	81

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:100176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3700-141-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/100176-133-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/100176-140-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download