5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c

Analysis

max time kernel
39s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe
Size

300KB
MD5

635628b76f6c13e48140f9e7ba30bc9d
SHA1

cef3438d9d0f19a18eaba114a039cb02f81424d1
SHA256

5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c
SHA512

dd20db918a5151ef8c5589ad64a946f0e2684116f2e31752cc427f45ee1f39a73ed2751b0cf154e9bf98b360280311fad88bb73926e5d676cb49659dd9c55935
SSDEEP

6144:Z2G24eHcnAR+fZNnwkJhkB3Hu46xE2mmQHqKv/G4UO0O2kw:IGfe9R+fEkPktO4gE2mBqk30dkw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1112 set thread context of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe
1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1112 wrote to memory of 1724	1112	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe	28
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16
PID 1724 wrote to memory of 1276	1724	5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe	16

C:\Users\Admin\AppData\Local\Temp\5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe
"C:\Users\Admin\AppData\Local\Temp\5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Users\Admin\AppData\Local\Temp\5fffd754fd0e30e417e860ed9d3eb80221fad19cdb92f07ffd7c42621dc5063c.eXe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1724

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-56-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1112-65-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1276-68-0x000000007EFC0000-0x000000007EFC6000-memory.dmp

Filesize
24KB

Download
memory/1724-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1724-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1724-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1724-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1724-64-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1724-66-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1724-67-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download