1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21

Analysis

max time kernel
1s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
Size

1.3MB
MD5

36d4609770f63c4232ac58c221604ad7
SHA1

a1b76065929394f5529c46aaa3b2be5acc493af6
SHA256

1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21
SHA512

7bd534c01eba0ff3309ae4c125e419a58cd426e1f62e8b6b355bee9c2074a7fb9631a6cea2bb4d78a3a1df6559628fd0ac64d7e31ad93ddf3ecc0e41c4023bc6
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakm:jrKo4ZwCOnYjVmJPa9

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe

description	pid	process	target process
PID 1280 set thread context of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe

description	pid	process	target process
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
PID 1280 wrote to memory of 2004	1280	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe	1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe

C:\Users\Admin\AppData\Local\Temp\1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
"C:\Users\Admin\AppData\Local\Temp\1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1280

C:\Users\Admin\AppData\Local\Temp\1d9b0ddf5969a702906e6b06ba68c2f2554e440980dae5404b556785d4839e21.exe
2⤵
PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-66-0x000000000044E057-mapping.dmp

Download
memory/2004-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2004-68-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/2004-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download