ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2

Analysis

max time kernel
181s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 21:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
Size

82KB
MD5

52cc032d84abacf0d4ef9cb59c8a164a
SHA1

7c4bf2201bbe3aaefee49c30d5293d4e3ecca37e
SHA256

ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2
SHA512

07829a245bf6e1f3d996801b130708036c2cc02be4076eaff47b196012a9f8276d7f4d5f1dee1dafe9fb6a3bfb2737fac00921739a452cb73846db2a7d3a0107
SSDEEP

1536:lipOgnbzTPaz+PK0+hy5/gZonuRDdhYJhmmnkwHmeKHCKKEth:YZnz7D5/gTOLUCKiK/t

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 564 set thread context of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 564 wrote to memory of 4352	564	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	79
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36
PID 4352 wrote to memory of 2724	4352	ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe	36

C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
"C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:564
- C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe
  "C:\Users\Admin\AppData\Local\Temp\ff31b3f3ee5b1e60006a9fdae618f3353739f4d1d860b1d9025e42cd42c80af2.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4352

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/564-132-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/564-135-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4352-134-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4352-137-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4352-138-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download