b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d

Analysis

max time kernel
30s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 16:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe
Size

44KB
MD5

16e2bb544c01bfb57b41dbad116b2270
SHA1

064a65597ef817a8705a33e074607d0eb7096112
SHA256

b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d
SHA512

6ded6e5fb6fdc70ee300c95cc21ed7865abc46a552f6d13d0f802b6c9c8bfb834d54c23be8809c4b4e815a413157ea7ffa3ecfba64f1be8d3dde40b2b074e9fb
SSDEEP

768:9sfkKdb4T6LD8z7qtpPrimgl+Y8KD20VPODJtTF:9Hob4T0wz7qbjqlAkVPatB

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1928 set thread context of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 1928 wrote to memory of 2012	1928	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	28
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17
PID 2012 wrote to memory of 1284	2012	b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe	17

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1284
- C:\Users\Admin\AppData\Local\Temp\b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe
  "C:\Users\Admin\AppData\Local\Temp\b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe
    "C:\Users\Admin\AppData\Local\Temp\b03d169eea4413bb92294bf89de5abb8f3be3f2f18f686678b8ad0c212c5360d.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1928-54-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1928-66-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2012-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-59-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-60-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-63-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2012-64-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/2012-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download