ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe
Size

66KB
MD5

0fccb96da5649a2af218c08397a7406c
SHA1

6ae85d924d39c9b9fa750a5526a16c858a7f5b4a
SHA256

ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717
SHA512

0e2230ecf7c36b19e224a1e8942c0de36e12e7f202d09bbfac5095ddfc14b76789adfb549752f49368a61fe5771bdcff0079b762904bfcbaf8f5c750cd1e864f
SSDEEP

1536:S+zHcTalTzHz/lBx6NxgH8cVkaRHp9dMadhbQn:rznhzHz/lBs2H8OkaxdZdFi

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1048 set thread context of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 1048 wrote to memory of 540	1048	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	27
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10
PID 540 wrote to memory of 1216	540	ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe	10

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216
- C:\Users\Admin\AppData\Local\Temp\ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe
  "C:\Users\Admin\AppData\Local\Temp\ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\ebaa85c43bf811a768688d6063bac7a58d47c4481a8c06915f72cf3c96f2f717.exe
    䌢尺獕牥屳摁業屮灁䑰瑡屡潌慣屬敔灭敜慢㡡挵㌴晢ㄸ愱㘷㘸㠸㙤㘰戳捡愷㠵㑤挷㐴ㄸ㡡っ㤶㔱㝦挲㍦㥣昶昲ㄷ⸷硥≥
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/540-54-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-60-0x0000000000402831-mapping.dmp

Download
memory/540-59-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-63-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/540-64-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/540-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1048-61-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download