d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78

General

Target

d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
Size

1.6MB
MD5

7fa432165f96568eb2196787ea46b857
SHA1

2cee7e00e23581014972392f9ce34b107b5d6817
SHA256

d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78
SHA512

c9855a1354fceda137a0b96d9a9457f4b4a2fa21711e26d52f0adf161eaafea610087d6e610314497e7762e8b66236fe5becacfe23a41c961b695381d7a82b01
SSDEEP

12288:+0xNyi0PZZTv4tthukirC5H/7b5i1hxGBoWc:kVZD4t/97f7o1hQHc

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1392	explorer.exe
4468	explorer.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1468 set thread context of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1392 set thread context of 4468	1392	explorer.exe	84

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe
4468	explorer.exe

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 1468 wrote to memory of 2748	1468	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	80
PID 2748 wrote to memory of 1392	2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	83
PID 2748 wrote to memory of 1392	2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	83
PID 2748 wrote to memory of 1392	2748	d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe	83
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 1392 wrote to memory of 4468	1392	explorer.exe	84
PID 4468 wrote to memory of 1688	4468	explorer.exe	89
PID 4468 wrote to memory of 1688	4468	explorer.exe	89
PID 4468 wrote to memory of 1688	4468	explorer.exe	89

C:\Users\Admin\AppData\Local\Temp\d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
"C:\Users\Admin\AppData\Local\Temp\d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Users\Admin\AppData\Local\Temp\d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe
  "C:\Users\Admin\AppData\Local\Temp\d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\explorer.exe
    "C:\Users\Admin\AppData\Local\Temp\explorer.exe" --ch=1
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\explorer.exe
      "C:\Users\Admin\AppData\Local\Temp\explorer.exe" --ch=1
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4468
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6308.bat"
        5⤵
        
        PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6308.bat

Filesize
182B

MD5
95b239dc6bcf64bcfb7db25966ebc62d

SHA1
bc244ffcadb2fc32df62107fdf5fa5a5ffb293c8

SHA256
e81cefac8915fa86f279cec18c431873f99510e75549ee3ff4da9a7ffcc522d0

SHA512
c774f4e6eeb3711712af0c2142a25fd4833f3fb445d16a0258b8c37bc31f438cc4a1e44ef0875db7c08d0557a1a6b2410074876e39fe496b399ed7858acea1c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\explorer.exe

Filesize
1.6MB

MD5
7fa432165f96568eb2196787ea46b857

SHA1
2cee7e00e23581014972392f9ce34b107b5d6817

SHA256
d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78

SHA512
c9855a1354fceda137a0b96d9a9457f4b4a2fa21711e26d52f0adf161eaafea610087d6e610314497e7762e8b66236fe5becacfe23a41c961b695381d7a82b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\explorer.exe

Filesize
1.6MB

MD5
7fa432165f96568eb2196787ea46b857

SHA1
2cee7e00e23581014972392f9ce34b107b5d6817

SHA256
d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78

SHA512
c9855a1354fceda137a0b96d9a9457f4b4a2fa21711e26d52f0adf161eaafea610087d6e610314497e7762e8b66236fe5becacfe23a41c961b695381d7a82b01

Download Submit
C:\Users\Admin\AppData\Local\Temp\explorer.exe

Filesize
1.6MB

MD5
7fa432165f96568eb2196787ea46b857

SHA1
2cee7e00e23581014972392f9ce34b107b5d6817

SHA256
d060815b1f8fc9c33ec0be4493429cde9ac679fbf834bae100b36f73a0dfda78

SHA512
c9855a1354fceda137a0b96d9a9457f4b4a2fa21711e26d52f0adf161eaafea610087d6e610314497e7762e8b66236fe5becacfe23a41c961b695381d7a82b01

Download Submit
memory/2748-136-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2748-137-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2748-135-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2748-147-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2748-134-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/2748-133-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4468-144-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4468-145-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4468-146-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4468-148-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/4468-150-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads