Overview

overview

5

Static

static

e847754d18...fc.exe

windows7-x64

5

e847754d18...fc.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    156s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe

  • Size

    80KB

  • MD5

    312d9be81418899eb79283916c476680

  • SHA1

    4dcb56f21ba98946bb3dd2c2de8caa7f7b6e0df9

  • SHA256

    e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc

  • SHA512

    8ab0dc196a3cf4bdaed99300ce0233acfc69b0ed9cf9e618d1e2ea1f1313f33f2707f24524e6ec3bf6cd28c2bf0078e23190da70be5f28e21a664a04e8b76852

  • SSDEEP

    1536:9xl2Bmb0mg5Tf9u8vVjYCgz/DJHdTNRpJ66tSlBXn:Pl2BmbxgZfYWtutHdhRj664H3

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:2584
      • C:\Users\Admin\AppData\Local\Temp\e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe
        "C:\Users\Admin\AppData\Local\Temp\e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1384
        • C:\Users\Admin\AppData\Local\Temp\e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe
          "C:\Users\Admin\AppData\Local\Temp\e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe" :\Users\Admin\AppData\Local\Temp\e847754d18ceb3d58594342e7a8825daae91004b842a8678ac8231b81bf573fc.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1276

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1276-134-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1276-137-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1276-138-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1276-140-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/1384-132-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download

    • memory/1384-136-0x0000000000400000-0x0000000000417000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2584-139-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

      Filesize

      28KB

      Download