5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf

Analysis

max time kernel
39s
max time network
43s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
Size

231KB
MD5

a6e4ba335b95c523e1012be56f5868a7
SHA1

588940c437b5dada1897f02676b30ca8c89a2f4a
SHA256

5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf
SHA512

641252990d5fceb45f17d8ced320f0cd52002bf3d70de67b9de160550c5752fe77183fa25eb9f1441dc5802e2dcb8aca114970a5675dd521af69414fc7199161
SSDEEP

6144:N2cqBgdXmpiFgcxP3ygaiVwm9rcUrgoDvvX:4cqBkPOchyv65rX3Dv/

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe

description	pid	process	target process
PID 1504 set thread context of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe

description	pid	process	target process
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
PID 1504 wrote to memory of 1460	1504	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe	5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe

C:\Users\Admin\AppData\Local\Temp\5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
"C:\Users\Admin\AppData\Local\Temp\5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1504
- \??\c:\users\admin\appdata\local\temp\5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe
  "c:\users\admin\appdata\local\temp\5710e9438affe63de3b8fc057e399606029bcf3db977d5d342eb4eb0e1732eaf.exe"
  2⤵
  PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-54-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-55-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-57-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-58-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-60-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-61-0x0000000000431055-mapping.dmp

Download
memory/1460-63-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1460-64-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1460-65-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download