5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d

Analysis

max time kernel
113s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2022, 22:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe
Size

48KB
MD5

0961cf828bb28786cb2fc57423cd5001
SHA1

0cc9d63a9a7686b1fde9c1f6391451f353eae33a
SHA256

5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d
SHA512

b0179dc6adb82bb1e67f2668cfd8461f8169a9bcf043c97ee6e582275a9dbe57aaa607ecb1954cfa13c1255bc4b164bad83de209e8c1df952c1e9ed73164adc4
SSDEEP

768:BO9WaWgu5m5/WpApwe1QF4FwVYVQl4lwZg16d2z7wfyvhKFtWiIg6WAPn/9qXfw1:BO9boAxWeCemeWuG+2GM2zTstWiIrWG5

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4508 set thread context of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe
532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 4508 wrote to memory of 532	4508	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	81
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42
PID 532 wrote to memory of 2556	532	5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe	42

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2556
- C:\Users\Admin\AppData\Local\Temp\5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe
  "C:\Users\Admin\AppData\Local\Temp\5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe
    C:\Users\Admin\AppData\Local\Temp\5be47b12060c0eaca4507a5ce573b4fb0a64235b113b6918ee0dfb25cef4293d.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/532-133-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/532-136-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/532-137-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4508-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download