Overview

overview

5

Static

static

392fcf1f21...a9.exe

windows7-x64

5

392fcf1f21...a9.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 23:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe

  • Size

    248KB

  • MD5

    36542d9ffd7080feaa3db2c03e15b45e

  • SHA1

    f3f322a99accf4290a1e1db02f34d121cd3d2999

  • SHA256

    392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9

  • SHA512

    7f94ac496c48eb004e82640189cb2185634b2eccbd1938623cf13f6097d3a08f16a5e39320af37e1d6b91a662e6e1f6566be8fdef33447c0cbafac84239c1979

  • SSDEEP

    6144:MHcibmZ9h9v1szp5VvfM//fWCvxKD7l1azeXfnkU:+ciaZxvAvfMbxKDYqMU

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2824
      • C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe
        "C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4512
        • C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe
          "C:\Users\Admin\AppData\Local\Temp\392fcf1f2113c19c8ab11864f92a3ef1c9f785ea55068ee64e7ecb872477b7a9.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2148

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2148-150-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2148-147-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2148-146-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2148-144-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2824-149-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4512-136-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-139-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-140-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-138-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-137-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-133-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-132-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-148-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-135-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download

    • memory/4512-134-0x0000000000400000-0x0000000000457000-memory.dmp

      Filesize

      348KB

      Download