5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0

Analysis

max time kernel
120s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe
Size

266KB
MD5

72efbfc0eb8f086240af18d292f324ba
SHA1

d041e259c9f1a1757f18a2b102656c69d8e9736a
SHA256

5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0
SHA512

78f1deb519a5d7e1e1dea5253b0c3b41296584ac37e505fa0542e9a2d7bbe97d9f83735f71506988fa8b35f6ccb727064b982c97d1e635219a268cfe6f0b2d44
SSDEEP

3072:JhpgJilY6lyVz9hOist5IQ6VJl/AUgsbASH7HjeGaVw21ftD4:JL+jOSQ6VJl/AUrPHjeFVt1VE

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4988 set thread context of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe
3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 4988 wrote to memory of 3540	4988	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	83
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50
PID 3540 wrote to memory of 3068	3540	5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe	50

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3068
- C:\Users\Admin\AppData\Local\Temp\5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe
  "C:\Users\Admin\AppData\Local\Temp\5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4988
- - C:\Users\Admin\AppData\Local\Temp\5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe
    "C:\Users\Admin\AppData\Local\Temp\5db1495093889ea691d6caad46e0d66e8824d962e4b08eb03b9698189c09f2a0.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3540-135-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3540-138-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3540-139-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4988-132-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4988-133-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4988-136-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download