Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 19-09-2022 00:45
Behavioral task: behavioral1
- Sample: c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe
- Resource: win7-20220812-en
- Platform: windows7-x64
- 5 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe
- Resource: win10v2004-20220812-en
- Platform: windows10-2004-x64
- 5 signatures
- 150 seconds
General
- Target: c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe
- Size: 53KB
- MD5: d48b00951957a41bf8864c5572d1ce68
- SHA1: 4d0821c686ea34be3204384155bc3fedadb1c087
- SHA256: c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f
- SHA512: 8e0b0ebf579d9af9837044a6209d32dac89714c5da97847c1f198d61563860bee1fa80fcd0a2a0a63b19f6a28ed9a3c1d68e052ebc98a43ff53e1348be5bab13
- SSDEEP: 1536:Y3dYDLTcJgiYx1IPg3FMBHWp7A44WkLQEckyU:mEagDx/1MUGMU
- Score: 8/10
Malware Config
Signatures
- YARA rule match (1 IoC)
  resource | yara_rule
  behavioral1/memory/1212-63-0x0000000000400000-0x000000000042D000-memory.dmp | upx

- Suspicious use of SetThreadContext (5 IoCs)
  description | pid | Process | procid_target
  PID 1212 set thread context of 1788 | 1212 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe | 28
  PID 1212 set thread context of 0 | 1212 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe | (4 identical entries, no procid_target)

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid | Process
  1788 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe (2 identical entries)

- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  1212 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe

- Suspicious use of WriteProcessMemory (28 IoCs)
  description | pid | Process | procid_target
  PID 1212 wrote to memory of 1788 | 1212 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe | 28 (8 identical entries)
  PID 1212 wrote to memory of 0 | 1212 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe | (16 identical entries, no procid_target)
  PID 1788 wrote to memory of 1232 | 1788 | c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe | 16 (4 identical entries)
Processes
- C:\Windows\Explorer.EXE (depth 1, PID:1232)
  Command line: C:\Windows\Explorer.EXE
  - C:\Users\Admin\AppData\Local\Temp\c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe (depth 2, PID:1212)
    Command line: "C:\Users\Admin\AppData\Local\Temp\c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe"
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - C:\Users\Admin\AppData\Local\Temp\c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe (depth 3, PID:1788)
      Command line: "C:\Users\Admin\AppData\Local\Temp\c630b19b2a9cc15f603163a52f54e4774c7c81b6dc50600e0c8cf7366d05697f.exe"
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of WriteProcessMemory