Analysis

  • max time kernel
    43s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 23:50

General

  • Target

    392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe

  • Size

    248KB

  • MD5

    36542d9ffd7080feaa3db2c03e15b45e

  • SHA1

    f3f322a99accf4290a1e1db02f34d121cd3d2999

  • SHA256

    392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9

  • SHA512

    7f94ac496c48eb004e82640189cb2185634b2eccbd1938623cf13f6097d3a08f16a5e39320af37e1d6b91a662e6e1f6566be8fdef33447c0cbafac84239c1979

  • SSDEEP

    6144:MHcibmZ9h9v1szp5VvfM//fWCvxKD7l1azeXfnkU:+ciaZxvAvfMbxKDYqMU

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1216
      • C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe
        "C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:952
        • C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe
          "C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:688

Network

MITRE ATT&CK Matrix

Downloads

  • memory/688-65-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/688-71-0x0000000010000000-0x0000000010011000-memory.dmp (Filesize: 68KB)
  • memory/688-70-0x0000000000400000-0x0000000000409000-memory.dmp (Filesize: 36KB)
  • memory/688-66-0x00000000004074ED-mapping.dmp
  • memory/952-54-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-59-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-60-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-61-0x0000000075AE1000-0x0000000075AE3000-memory.dmp (Filesize: 8KB)
  • memory/952-62-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-58-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-57-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-68-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-55-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/952-56-0x0000000000400000-0x0000000000457000-memory.dmp (Filesize: 348KB)
  • memory/1216-72-0x000000007EFC0000-0x000000007EFC6000-memory.dmp (Filesize: 24KB)