Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
01-12-2022 17:31
General
-
Target
ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe
-
Size
124KB
-
MD5
a7247982cd47e17c64d43fc4d32ab7ad
-
SHA1
f5df20fb78e6c3201737e3c747cac16cfe221413
-
SHA256
ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d
-
SHA512
8eac1871cbba79b9aa0b356a2eb1f658eb63e87fa83628f12d1455b14aaf721f8e04cec7e90e4b82bbfba186f65a368cf033b610dfa5e501d4b4e0eb85c667e4
-
SSDEEP
1536:/tPr2/kPKMonowh4ooFoNyhUICkT2rLtp4fNGtJ2d9DUMymuGFYp4Py+i6m6j+:/9PPnonoroomISrLtpgNXdyp6m6j+
Score
7/10
Malware Config
Signatures
-
Unexpected DNS network traffic destination 5 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"C:\Users\Admin\AppData\Local\Temp\ccf6ec1c89b83e79822244787498282c7183211b0d545ec47d333c34e4dc916d.exe"2⤵
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
-
Filesize
36KB
-
Filesize
36KB