07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b

General

Target

07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe
Size

929KB
MD5

87260dd1798e26a75ba997c60c56c636
SHA1

341eea07a269e882fc770e47b6d0b996dd9196a1
SHA256

07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b
SHA512

ead7b86d4e7e0db275eb9a8bf7af52b82f53fad2f806db6bc632a90ca0dd6b14e5c68eb9976cf0ff07016b72105f95acd056b27097f2db2a4dc463c2bdefb6a2
SSDEEP

24576:3slXxbFf7GRITl1rz0RDBclCtWn+GtYLaeflbwU5Hj:YX77GRwbrz0JBclCtW1tEaef5wU5H

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4944 set thread context of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4888	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe
4888	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe
4888	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4888	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5000	OpenWith.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88
PID 4944 wrote to memory of 4888	4944	07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe	88

C:\Users\Admin\AppData\Local\Temp\07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe
"C:\Users\Admin\AppData\Local\Temp\07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Users\Admin\AppData\Local\Temp\07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe
  "C:\Users\Admin\AppData\Local\Temp\07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe"
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\07258a1296d25b1a58e561583031de04be3cba1c670d1864cad41ed7f845213b.exe.log

Filesize
400B

MD5
0a9b4592cd49c3c21f6767c2dabda92f

SHA1
f534297527ae5ccc0ecb2221ddeb8e58daeb8b74

SHA256
c7effe9cb81a70d738dee863991afefab040290d4c4b78b4202383bcb9f88fcd

SHA512
6b878df474e5bbfb8e9e265f15a76560c2ef151dcebc6388c82d7f6f86ffaf83f5ade5a09f1842e493cb6c8fd63b0b88d088c728fd725f7139f965a5ee332307

Download Submit
memory/4888-145-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-158-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-147-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-149-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-137-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-138-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-133-0x0000000000000000-mapping.dmp

Download
memory/4888-148-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-143-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-144-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-146-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-165-0x0000000074750000-0x0000000074D01000-memory.dmp

Filesize
5.7MB

Download
memory/4888-166-0x0000000074750000-0x0000000074D01000-memory.dmp

Filesize
5.7MB

Download
memory/4888-135-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-136-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-151-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-152-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-154-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-157-0x0000000074750000-0x0000000074D01000-memory.dmp

Filesize
5.7MB

Download
memory/4888-134-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-156-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-161-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-162-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4888-164-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/4944-132-0x0000000074750000-0x0000000074D01000-memory.dmp

Filesize
5.7MB

Download
memory/4944-142-0x0000000074750000-0x0000000074D01000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing