53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b

General

Target

53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe
Size

501KB
MD5

12d33d798f7f39b1907557f949507c39
SHA1

9d73618f82d9b4167db80a8c5b1be4078dafc55c
SHA256

53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b
SHA512

f35c2a6274eac02bce330269cb7f65669d454cf31c92980a13ba078b31be2e805c31ae90cffb30803cc42fcaa92ff6b94f1f4ee41f4e33dbb011319656e4571e
SSDEEP

12288:LG+i6WfnT2290aFYR8P0oFkuwbZ+7OTIiP:LG597X1Fk3bZ+7OTII

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4996 set thread context of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83
PID 4996 wrote to memory of 324	4996	53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe	83

C:\Users\Admin\AppData\Local\Temp\53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe
"C:\Users\Admin\AppData\Local\Temp\53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe"
1⤵
- Suspicious use of SetThreadContext
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4996
- C:\Users\Admin\AppData\Local\Temp\53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe
  "C:\Users\Admin\AppData\Local\Temp\53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe"
  2⤵
  PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\53a5dff6cff1b47755f336bc681e67dafe1c2f061efd0d166b211c144f8fe04b.exe.log

Filesize
400B

MD5
0a9b4592cd49c3c21f6767c2dabda92f

SHA1
f534297527ae5ccc0ecb2221ddeb8e58daeb8b74

SHA256
c7effe9cb81a70d738dee863991afefab040290d4c4b78b4202383bcb9f88fcd

SHA512
6b878df474e5bbfb8e9e265f15a76560c2ef151dcebc6388c82d7f6f86ffaf83f5ade5a09f1842e493cb6c8fd63b0b88d088c728fd725f7139f965a5ee332307

Download Submit
memory/324-151-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-154-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-135-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-137-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-138-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-136-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-139-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-142-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-153-0x0000000074840000-0x0000000074DF1000-memory.dmp

Filesize
5.7MB

Download
memory/324-144-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-145-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-146-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-148-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-147-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-150-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-143-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-176-0x0000000074840000-0x0000000074DF1000-memory.dmp

Filesize
5.7MB

Download
memory/324-156-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-157-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-160-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-161-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-163-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-164-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-166-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-167-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-170-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-171-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/324-173-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/4996-174-0x0000000074840000-0x0000000074DF1000-memory.dmp

Filesize
5.7MB

Download
memory/4996-133-0x0000000074840000-0x0000000074DF1000-memory.dmp

Filesize
5.7MB

Download
memory/4996-132-0x0000000074840000-0x0000000074DF1000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads