7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44

Analysis

max time kernel
208s
max time network
239s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe
Size

10.5MB
MD5

9a983957907350caa6a630ff86440d5d
SHA1

b3f771d821801331ad615c55a1bc3553eec46619
SHA256

7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44
SHA512

ededa127cd82caeb3305f7a3541cb06165708a6a0a673701ebc9e7f9f59c6b538adc8e9ce68d299f0fbe61b482dbe9e03673c68c2bf6ac302c77a409c994f96d
SSDEEP

196608:Xi18lvAl8I+AMRQsgGzeJad2UMuhMEE1T:XiWlfzeS2UM1Eo

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2832 set thread context of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 212 set thread context of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 2832 wrote to memory of 212	2832	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	83
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87
PID 212 wrote to memory of 2248	212	7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe	87

C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe
"C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe
  "C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:212
- - C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe
    "C:\Users\Admin\AppData\Local\Temp\7efe1aa8da66fb754e3846dd666572fdda387f55781fe58f7f2a7ba3d3e25d44.exe"
    3⤵
    PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/212-133-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-134-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-135-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-137-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-138-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-140-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-142-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-141-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-144-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-145-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-173-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/212-163-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/212-161-0x0000000013140000-0x0000000013657000-memory.dmp

Filesize
5.1MB

Download
memory/2248-149-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-159-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-153-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-154-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-155-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-157-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-158-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-151-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-148-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-162-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-147-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download
memory/2248-174-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/2248-175-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/2248-176-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/2248-177-0x0000000000400000-0x000000000074F000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads