3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1

Analysis

max time kernel
160s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
Size

455KB
MD5

539582ee3ef7f268af30fb49ec3b78c0
SHA1

811a31664a5b99bcff55f3be402ad22815aa5c17
SHA256

3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1
SHA512

c69667be93445858b438cd19cc7a79351f6d56e577b7e2086613ea19a917e9ed527ea031aa495b9d4bcab0a20b8749c06763e267af7b702589663d88c7757421
SSDEEP

6144:Egbvegtf49L/EgHSkY0V+27/u7+5wUgSCkTc39Iz:dW9L/E4xYZJSm3Cz

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1860	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 928 set thread context of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 set thread context of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84

Runs net.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 4724	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	81
PID 928 wrote to memory of 4724	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	81
PID 928 wrote to memory of 4724	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	81
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 4696	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	82
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 928 wrote to memory of 1860	928	3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe	84
PID 4724 wrote to memory of 1248	4724	cmd.exe	86
PID 4724 wrote to memory of 1248	4724	cmd.exe	86
PID 4724 wrote to memory of 1248	4724	cmd.exe	86
PID 1248 wrote to memory of 956	1248	net.exe	88
PID 1248 wrote to memory of 956	1248	net.exe	88
PID 1248 wrote to memory of 956	1248	net.exe	88

C:\Users\Admin\AppData\Local\Temp\3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
"C:\Users\Admin\AppData\Local\Temp\3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\SysWOW64\cmd.exe
  /c net stop MpsSvc
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Windows\SysWOW64\net.exe
    net stop MpsSvc
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1248
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop MpsSvc
      4⤵
      PID:956
- C:\Program Files (x86)\Internet Explorer\iexplore.exe
  "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
  2⤵
  PID:4696
- C:\Users\Admin\AppData\Local\Temp\3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
  C:\Users\Admin\AppData\Local\Temp\3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe
  2⤵
  - Executes dropped EXE
  PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1.exe

Filesize
455KB

MD5
539582ee3ef7f268af30fb49ec3b78c0

SHA1
811a31664a5b99bcff55f3be402ad22815aa5c17

SHA256
3218dc5e3a5ab6ce361e7e5e2cc8bed2743e665c7d982c2ac245673ae3eeb2a1

SHA512
c69667be93445858b438cd19cc7a79351f6d56e577b7e2086613ea19a917e9ed527ea031aa495b9d4bcab0a20b8749c06763e267af7b702589663d88c7757421

Download Submit
memory/928-133-0x0000000002370000-0x0000000002374000-memory.dmp

Filesize
16KB

Download
memory/1860-135-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1860-140-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download