c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4

General

Target

c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe
Size

128KB
MD5

06ebcf5908d227d1d26acb2f73825287
SHA1

4bf3eab2f52f0984dfc4ef0dbfe8fa3993ac9ffe
SHA256

c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4
SHA512

bde1ddaf8d71952f74c5076be33e5fa67ce06d295690430eb57d3ee70ae1691aa8c7b88f3a8365ca2efc4facb7209f6d55cc28fb22dac22d1c6019d95dc8dad1
SSDEEP

1536:DDfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabau:PiRTe3n8BMAW6J6f1tqF6dngNmaZrN

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1600	omsecor.exe
1456	omsecor.exe

Loads dropped DLL 2 IoCs

pid	Process
1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe
1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1648 set thread context of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1600 set thread context of 1456	1600	omsecor.exe	29

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1648 wrote to memory of 1620	1648	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	27
PID 1620 wrote to memory of 1600	1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	28
PID 1620 wrote to memory of 1600	1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	28
PID 1620 wrote to memory of 1600	1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	28
PID 1620 wrote to memory of 1600	1620	c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe	28
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29
PID 1600 wrote to memory of 1456	1600	omsecor.exe	29

C:\Users\Admin\AppData\Local\Temp\c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe
"C:\Users\Admin\AppData\Local\Temp\c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe
  C:\Users\Admin\AppData\Local\Temp\c0b16736cf7c63bfa3fdba258a72cb84c8f94dc07154bf3110167dd5d74ea3c4.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Users\Admin\AppData\Roaming\omsecor.exe
    C:\Users\Admin\AppData\Roaming\omsecor.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:1600
  - - C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      4⤵
      Executes dropped EXE
      PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
128KB

MD5
d1646fb6280e2c4524e8e67dde0fe6e8

SHA1
28fc06930a36a1b596b33183c954e743f2425754

SHA256
079cff1741695df7d78dd357fc41bf22b7867f97e9785d3e8520eb131b8b1a55

SHA512
3e610cb22cd5c2319969f01c5a400921b15ef37b673030a248e5fd353ff66acea87f4e980fbbcb28814a2c751b5443a74bd51b43cd9ea9749a52c0b445a50acf

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
128KB

MD5
d1646fb6280e2c4524e8e67dde0fe6e8

SHA1
28fc06930a36a1b596b33183c954e743f2425754

SHA256
079cff1741695df7d78dd357fc41bf22b7867f97e9785d3e8520eb131b8b1a55

SHA512
3e610cb22cd5c2319969f01c5a400921b15ef37b673030a248e5fd353ff66acea87f4e980fbbcb28814a2c751b5443a74bd51b43cd9ea9749a52c0b445a50acf

Download Submit
C:\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
128KB

MD5
d1646fb6280e2c4524e8e67dde0fe6e8

SHA1
28fc06930a36a1b596b33183c954e743f2425754

SHA256
079cff1741695df7d78dd357fc41bf22b7867f97e9785d3e8520eb131b8b1a55

SHA512
3e610cb22cd5c2319969f01c5a400921b15ef37b673030a248e5fd353ff66acea87f4e980fbbcb28814a2c751b5443a74bd51b43cd9ea9749a52c0b445a50acf

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
128KB

MD5
d1646fb6280e2c4524e8e67dde0fe6e8

SHA1
28fc06930a36a1b596b33183c954e743f2425754

SHA256
079cff1741695df7d78dd357fc41bf22b7867f97e9785d3e8520eb131b8b1a55

SHA512
3e610cb22cd5c2319969f01c5a400921b15ef37b673030a248e5fd353ff66acea87f4e980fbbcb28814a2c751b5443a74bd51b43cd9ea9749a52c0b445a50acf

Download Submit
\Users\Admin\AppData\Roaming\omsecor.exe

Filesize
128KB

MD5
d1646fb6280e2c4524e8e67dde0fe6e8

SHA1
28fc06930a36a1b596b33183c954e743f2425754

SHA256
079cff1741695df7d78dd357fc41bf22b7867f97e9785d3e8520eb131b8b1a55

SHA512
3e610cb22cd5c2319969f01c5a400921b15ef37b673030a248e5fd353ff66acea87f4e980fbbcb28814a2c751b5443a74bd51b43cd9ea9749a52c0b445a50acf

Download Submit
memory/1456-75-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1620-60-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1620-54-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1620-59-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1620-56-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1620-65-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads