Analysis
- max time kernel: 41s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 24-11-2022 07:39
Static task: static1

Behavioral task: behavioral1
- Sample: 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Resource: win10v2004-20221111-en
General
- Target: 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Size: 746KB
- MD5: 2b4a4eac064e0c21dbdad638e0fea456
- SHA1: bdd76464c9523fdb2c5dab5fdfb77bdca6393458
- SHA256: 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9
- SHA512: b8cb59c14347b43e082a1682816d0da535dde1b95bcc08cfe5354c74353dfd242b2988444ca1a77354d77dd4bf8d1e0754251f52c22d72872b399a108f9f4553
- SSDEEP: 12288:3oIeC8+Fm3Wq9eCsZz0W/vUPqXofOEzMqJAVcc6MhoeSXNdodtNiR2k:452Qn9enJ9YfO+JAVfgdi3wR2k
Malware Config
Signatures
- Processes:
  resource | yara_rule
  behavioral1/memory/288-55-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-57-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-59-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-63-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-64-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-65-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
  behavioral1/memory/288-66-0x0000000000400000-0x00000000004F8000-memory.dmp | upx
- Suspicious use of SetThreadContext (1 IoCs)
  Processes:
  description | pid | process | target process
  PID 1412 set thread context of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Modifies Internet Explorer settings
  Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes:
  pid | process
  288 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  288 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  288 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  288 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  288 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description | pid | process | target process
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
  PID 1412 wrote to memory of 288 | 1412 | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe | 468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe"
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. (child of 1) C:\Users\Admin\AppData\Local\Temp\468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\468ba8685f5c3af5feba1affd9d10a327c204bd15ad51095527fb3f9af06cca9.exe"
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/288-54-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-55-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-57-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-59-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-60-0x00000000004EE740-mapping.dmp
- memory/288-62-0x0000000075771000-0x0000000075773000-memory.dmp (Filesize: 8KB)
- memory/288-63-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-64-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-65-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)
- memory/288-66-0x0000000000400000-0x00000000004F8000-memory.dmp (Filesize: 992KB)