Analysis

  • max time kernel
    25s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-10-2022 13:41

General

  • Target

    bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5.exe

  • Size

    234KB

  • MD5

    60f8a6f01ced4cbabfdc5c897c3a79b0

  • SHA1

    db731973a1a2c100546b30ac3a1203a66868c24c

  • SHA256

    bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5

  • SHA512

    a372f4ad3a6005789beb3bc84b7fed494ee32ddeb9760faa2c846a119232763638eb97ca08cf09ca070d93ef99f191b916628396feb5e71bf9c6d9c7b5f313ce

  • SSDEEP

    3072:lMQ/CIPv81ktrnkFxQ4YOYCDkIG0ZLp2+AOc0jGOm0jm:lBCIPv81kJnuQYYOzG212+AOFjGORjm

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5.exe
    "C:\Users\Admin\AppData\Local\Temp\bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5.exe
      "C:\Users\Admin\AppData\Local\Temp\bc7142f067bbdcfd82dae778c8e97560b2661c60dd7d01c7916aa068a5ad8cd5.exe"
      2⤵
        PID:1788

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1788-55-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1788-56-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1788-58-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1788-59-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1788-62-0x0000000000412214-mapping.dmp

    • memory/1788-61-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1788-65-0x0000000075241000-0x0000000075243000-memory.dmp

      Filesize

      8KB

    • memory/1788-66-0x0000000000400000-0x0000000000428000-memory.dmp

      Filesize

      160KB

    • memory/1848-54-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB

    • memory/1848-63-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB