Overview

overview

5

Static

static

dfa282fdf2...56.exe

windows7-x64

5

dfa282fdf2...56.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    43s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456.exe

  • Size

    52KB

  • MD5

    37ddcedede8fe5a260ad95e0f1637e6f

  • SHA1

    263a2ca94097ae2057c5a390b81426de1ae8c06c

  • SHA256

    dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456

  • SHA512

    596f98016eba26b601b0f17f3db2406754129a8102e84726a24701a439e16f5d9646f3d4d4024fee315e896d4b03b575628755027fdbc90da63a54777640cb2d

  • SSDEEP

    1536:0xYaZ+H3ZsbcP3zAn97yZ9Wpcp9pfbbcS0Gjr:0xYZmbiA2+cJv9r

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456.exe
    "C:\Users\Admin\AppData\Local\Temp\dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1980
    • C:\Users\Admin\AppData\Local\Temp\dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456.exe
      "C:\Users\Admin\AppData\Local\Temp\dfa282fdf21ede32e22f0eecaecec3fa81a89044a44afaefa7f23dc1f86ac456.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1988
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1284

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1284-60-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1980-54-0x0000000075831000-0x0000000075833000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1988-55-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1988-58-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1988-63-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1988-64-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download