db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0

Analysis

max time kernel
166s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe
Size

11.7MB
MD5

22d5f986c00539600b0d97116cbbb92e
SHA1

7715ceaf145571fa569ccee00e7f7144433dd625
SHA256

db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0
SHA512

7b58ffa39e8596d31179c6d782d6e5b8897eef6651217b7d2ecf3245d8c68940eeedbdbc47a2abb91752260672b4dba7be69a907f71ff093ab909a39a24e09d0
SSDEEP

49152:rUb6aWB0hM0GxAD/oZU8G7Ce4TNY/MvyqOY3q2V0rE:rUGaWBCf40gpG7C1NLvllv3

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 1176 set thread context of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34

Suspicious use of WriteProcessMemory 40 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 2028 wrote to memory of 1176	2028	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	28
PID 1176 wrote to memory of 776	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	29
PID 1176 wrote to memory of 776	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	29
PID 1176 wrote to memory of 776	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	29
PID 1176 wrote to memory of 776	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	29
PID 1176 wrote to memory of 1464	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	30
PID 1176 wrote to memory of 1464	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	30
PID 1176 wrote to memory of 1464	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	30
PID 1176 wrote to memory of 1464	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	30
PID 1176 wrote to memory of 1912	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	31
PID 1176 wrote to memory of 1912	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	31
PID 1176 wrote to memory of 1912	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	31
PID 1176 wrote to memory of 1912	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	31
PID 1176 wrote to memory of 1400	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	32
PID 1176 wrote to memory of 1400	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	32
PID 1176 wrote to memory of 1400	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	32
PID 1176 wrote to memory of 1400	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	32
PID 1176 wrote to memory of 1416	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	33
PID 1176 wrote to memory of 1416	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	33
PID 1176 wrote to memory of 1416	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	33
PID 1176 wrote to memory of 1416	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	33
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34
PID 1176 wrote to memory of 588	1176	db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe	34

C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe
"C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe
  "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1176
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:776
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:1464
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:1912
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:1400
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:1416
- - C:\Windows\SysWOW64\svchost.exe
    "C:\Windows\system32\svchost.exe" ext "C:\Users\Admin\AppData\Local\Temp\db1ac06bbbed41e3635ee7069aad5082b7ced8dbe1f09547a0f5f0d345656de0.exe"
    3⤵
    PID:588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/588-79-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-86-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-85-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-84-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-73-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-77-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-75-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-70-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/588-71-0x0000000000400000-0x0000000000741000-memory.dmp

Filesize
3.3MB

Download
memory/1176-55-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-69-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-68-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-64-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-62-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-82-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-60-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-58-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/1176-56-0x0000000000400000-0x00000000005B7000-memory.dmp

Filesize
1.7MB

Download
memory/2028-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads