Analysis
- max time kernel: 22s
- max time network: 62s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 12:44
Static task: static1
Behavioral task: behavioral1
- Sample: 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
- Resource: win10v2004-20221111-en
General
- Target: 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
- Size: 1.5MB
- MD5: 6128fcedd8cd4bbc4c632eb8147a6393
- SHA1: a6138b67ac06550e75986ba9fb006719688f75bf
- SHA256: 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317
- SHA512: 1b3215a0f14330d7b4ab0fc3df8da71395119ddece0d76b3e160440f639522d7f7e74a3f82e587a4eaab5358f30bf21bf778eb5ea8e7d294c453d0273a7206b9
- SSDEEP: 24576:lzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUY3:/6/ye0PIphrp9Zuvjqa0Uido
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
Processes:
description | pid | process | target process
PID 1704 set thread context of 1176 | 1704 | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
- Modifies Internet Explorer settings
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
Processes:
pid | process
1176 | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
(the same entry is listed 5 times in the report)
- Suspicious use of WriteProcessMemory (11 IoCs)
Processes:
description | pid | process | target process
PID 1704 wrote to memory of 1176 | 1704 | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe | 61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe
(the same entry is listed 11 times in the report)
Processes
- C:\Users\Admin\AppData\Local\Temp\61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe (tree depth 1)
  command line: "C:\Users\Admin\AppData\Local\Temp\61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe (tree depth 2, child of the process above)
    command line: "C:\Users\Admin\AppData\Local\Temp\61d009f3761300524651c0e4fcf2da4ace9a9c8e194fd8fcf692d18f12def317.exe"
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1176-54-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-55-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-57-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-59-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-61-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-63-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-65-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-66-0x000000000045304C-mapping.dmp
- memory/1176-68-0x00000000752B1000-0x00000000752B3000-memory.dmp (8KB)
- memory/1176-69-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-70-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-71-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1176-72-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)