9a59cf3b46cbf1e3bf2af9551b25c562bd7a548caff82424d3c86193e7ba483c | Triage

Analysis

max time kernel
127s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 07:19

Sharing

Report Analysis Logs

General

Target

media.exe
Size

301KB
MD5

2e9a52594d64d75f396f9079b2332a4f
SHA1

c27e2a039f792348c622bbb6812558d31382d226
SHA256

1d0c59097b7a3e7a2eef3dd06989edf07601d7953187de35f99cd8ff4fc772f5
SHA512

053285b7ce7c94f95486537764e5b4c9fe906aae5ea12a9d36a803b791e59251a330614885764bb6ae6608be93327f66081a0f3b7c121c72d456b5e18b239bfe
SSDEEP

3072:8Jtn5ymi8Eu11uZaLJbN2SQ3N7Do0JgT5SVtoaKGlD8yWC242UcdRCU4J4lg4E4D:zKA9PnGmE

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3480 set thread context of 1108	3480	media.exe	81

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1108	media.exe
1108	media.exe
1108	media.exe
1108	media.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3480	media.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 3480 wrote to memory of 1108	3480	media.exe	81
PID 1108 wrote to memory of 2576	1108	media.exe	49
PID 1108 wrote to memory of 2576	1108	media.exe	49
PID 1108 wrote to memory of 2576	1108	media.exe	49
PID 1108 wrote to memory of 2576	1108	media.exe	49

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2576
- C:\Users\Admin\AppData\Local\Temp\media.exe
  "C:\Users\Admin\AppData\Local\Temp\media.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Users\Admin\AppData\Local\Temp\media.exe
    "C:\Users\Admin\AppData\Local\Temp\media.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1108-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1108-137-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1108-139-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2576-138-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download