eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5

Analysis

max time kernel
99s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
Size

374KB
MD5

09319094be9b06d32a58e1d9a7b0061d
SHA1

8faf7cd689f39bb8d001362879f95dc7b3b60a4f
SHA256

eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5
SHA512

c1e739c4f1be8a5249ea3d10a762e6ae5e90763117b189114043a63dc8b60b8fb89698e4e864b5d471b1b2cfb6a652899e380c4402611d4da4557b8417bfd11e
SSDEEP

6144:NHwhVh7xJYe8Rb925eeZHswgXNRT60q1hqgMvnKgnY4RTPqAQS9PbC4d:NHwhDZMbAM7LJqXq9KgnY4kAF9Pe4d

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 28 IoCs

pid	Process
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2796 set thread context of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82
PID 2796 wrote to memory of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82
PID 2796 wrote to memory of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82
PID 2796 wrote to memory of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82
PID 2796 wrote to memory of 1832	2796	eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe	82

C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
"C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
  C:\Users\Admin\AppData\Local\Temp\eef7336f5c60ecfce61b737c230cfeb20d2495f6887a16c961e2981265d186c5.exe
  2⤵
  PID:1832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\cd.dll

Filesize
52KB

MD5
536995ca3f9da1bc6aaa900948e0314f

SHA1
cdd6b8b8cece3b905b9d18242724136c6ab2013c

SHA256
24b3c94761a8b726fc91944fd25f64406b39dd4d9414ef333899321471cdf922

SHA512
d502b7f83ad48ec49bd94699545ebca636c374f6d89b2d1f230bfff0ead0153e61c5347febebd22ff1fc2918555b90a0212291eb9cb668b9132fc774243658a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\le.dll

Filesize
76KB

MD5
e2ed22dc9aa028788bd7739eabf11a45

SHA1
a0c50e0b40f7e6dad07d076309b0833c0d5c467c

SHA256
711e3f81f848e7960ac52cf55683422dd7400f3f879e451445d29af656f41349

SHA512
75d5a3c3df48745513ca56b58e87a5cebe061cd22364d10be9c42ecb96f1391df694816e6f72f72d44f2b0ed7ace725362af039d39ced859bc19860da0244e3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.0.0.2\lz.dll

Filesize
76KB

MD5
91c0047d4d099d7c02049d92be5c2947

SHA1
dedb1ab7e3d765811b79154e4e9ad1370de60675

SHA256
0bf85a42e4d249152efa5da883ea0245b9b699c142a8bd19d31584c35591b080

SHA512
4041e240fcc3998c9fe3ecfbe198f8f5642561c9875304c273eca08b308c9239b5119e35e314825d8d6b593d2415e7c4ca7fc00fcb7220b22dab0a1191dcf16a

Download Submit
memory/1832-176-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1832-175-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1832-174-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1832-173-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2796-164-0x00000000022B0000-0x00000000022BF000-memory.dmp

Filesize
60KB

Download
memory/2796-171-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2796-139-0x00000000006F0000-0x00000000006FF000-memory.dmp

Filesize
60KB

Download
memory/2796-140-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2796-144-0x00000000022A0000-0x00000000022AF000-memory.dmp

Filesize
60KB

Download
memory/2796-133-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads