d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

General

Target

d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe
Size

32KB
MD5

b2ea2f3764067ec3c02a4f2bd743e84c
SHA1

43d977a40d925de5c4f06f871321c8ab11587c29
SHA256

d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104
SHA512

6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01
SSDEEP

384:ccJzZ+EUGfJrh91wx1TznfypnkXlXaIaHtUPMgSru4lujG+47gx:cc5sWJz1wx1TDfy1K1sz7g

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
320	mscodecs.exe
1220	mscodecs.exe

Deletes itself 1 IoCs

pid	Process
1220	mscodecs.exe

Loads dropped DLL 3 IoCs

pid	Process
944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe
944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe
320	mscodecs.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 948 set thread context of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 320 set thread context of 1220	320	mscodecs.exe	28

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 948 wrote to memory of 944	948	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	26
PID 944 wrote to memory of 320	944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	27
PID 944 wrote to memory of 320	944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	27
PID 944 wrote to memory of 320	944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	27
PID 944 wrote to memory of 320	944	d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe	27
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28
PID 320 wrote to memory of 1220	320	mscodecs.exe	28

C:\Users\Admin\AppData\Local\Temp\d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe
"C:\Users\Admin\AppData\Local\Temp\d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:948
- C:\Users\Admin\AppData\Local\Temp\d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe
  "C:\Users\Admin\AppData\Local\Temp\d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Users\Admin\AppData\Local\Temp\mscodecs.exe
    C:\Users\Admin\AppData\Local\Temp\mscodecs.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\mscodecs.exe
      C:\Users\Admin\AppData\Local\Temp\mscodecs.exe
      4⤵
      Executes dropped EXE
      Deletes itself
      PID:1220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\auat498.tmp

Filesize
206B

MD5
0d6abce2440e181123b82f9007e0677f

SHA1
e097d824d6caff570bca8d7809d7ca90428edbb4

SHA256
56984b9bae3130badcfa8c1dad7cc5d6e84e23b93064629d08fab824edd535c9

SHA512
9f350eeeab27671a8f8b8097f50e056a0f0a2a6cd1d09d161502f618b60b54807f1d97fe30f60f88684b52a36ed785fc976f91c0b83304d2dd12d243b4a45ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
\Users\Admin\AppData\Local\Temp\mscodecs.exe

Filesize
32KB

MD5
b2ea2f3764067ec3c02a4f2bd743e84c

SHA1
43d977a40d925de5c4f06f871321c8ab11587c29

SHA256
d1d6bcb1e318abc7f8bb92d4eb3da9dd78843fa9bf456ceed0cf7bd666387104

SHA512
6e9d21049c35e4f207dbda5c49d0209094bc4cf5963befcc5801f123f38fa67f782893205fc6b8f518e3c65096727581b00b6254e20106935d1c658287c07f01

Download Submit
memory/944-54-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/944-56-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1220-68-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads