ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2

Analysis

max time kernel
36s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
Size

82KB
MD5

52cc032d84abacf0d4ef9cb59c8a164a
SHA1

7c4bf2201bbe3aaefee49c30d5293d4e3ecca37e
SHA256

ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2
SHA512

07829a245bf6e1f3d996801b130708036c2cc02be4076eaff47b196012a9f8276d7f4d5f1dee1dafe9fb6a3bfb2737fac00921739a452cb73846db2a7d3a0107
SSDEEP

1536:lipOgnbzTPaz+PK0+hy5/gZonuRDdhYJhmmnkwHmeKHCKKEth:YZnz7D5/gTOLUCKiK/t

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 996 set thread context of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 996 wrote to memory of 952	996	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	28
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16
PID 952 wrote to memory of 1216	952	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	16

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1216
- C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
  "C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
    "C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/952-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/952-60-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/952-61-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/952-62-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/996-54-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/996-55-0x00000000003B0000-0x00000000003C7000-memory.dmp

Filesize
92KB

Download
memory/996-59-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download