a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
Size

315KB
MD5

8efd9f184013f1b9e86144352e2ab255
SHA1

ece1d67613ad0387293e0e9bb7b1cc1667a0d810
SHA256

a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187
SHA512

707253a787ce7872bcb2947cc68fa2a92157e7c5f0bc72e9dbd6fc5a682189fd045a5d21d795576265187b76539f1f45fb6cf0c94f4559034568018add2e59b9
SSDEEP

6144:01vC2F8NXC796TB9vj48F5/YxnGKQPCMyxaRP01xvYcsNK:MteVQkTrvj4m5/YxnGKQPCnx4gxvYcsU

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1712 set thread context of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 112	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	27
PID 1712 wrote to memory of 112	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	27
PID 1712 wrote to memory of 112	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	27
PID 1712 wrote to memory of 112	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	27
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 1712 wrote to memory of 544	1712	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	28
PID 544 wrote to memory of 1224	544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	12
PID 544 wrote to memory of 1224	544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	12
PID 544 wrote to memory of 1224	544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	12
PID 544 wrote to memory of 1224	544	a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1224
- C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
  "C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
    C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
    3⤵
    PID:112
- - C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
    C:\Users\Admin\AppData\Local\Temp\a0ede724a4bfe282e5562224c936695ec1c53c80f237691763d0c12c5c5b5187.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/544-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/544-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/544-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/544-62-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/544-66-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/544-71-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1224-68-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1712-54-0x0000000000330000-0x000000000036A000-memory.dmp

Filesize
232KB

Download
memory/1712-57-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download
memory/1712-65-0x0000000074990000-0x0000000074F3B000-memory.dmp

Filesize
5.7MB

Download