cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
Size

48KB
MD5

042f4e1b786d9d1ad669931207a12667
SHA1

8c13f881666ecd4fc1d805a1a83d84deeaa30bf1
SHA256

cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02
SHA512

5987c62e1dfbd30803572ff09bcdd6dc55b0fd03c2970b7cc7ecf4a1723751efc15d61d5c4ccbc67eae401ca6285afaa40a1a9a3493387b0acc1c5f8dd10bf1b
SSDEEP

384:6xP7z+14kQS1/Gof16+NMkcB+oGm+k0RgUv8QUbArHqSX8AQjkM7E0:AEQS793SthQnvtjf8Br

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1544 set thread context of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1544 wrote to memory of 1612	1544	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	26
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15
PID 1612 wrote to memory of 1220	1612	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	15

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1220
- C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
  "C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1544
- - C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
    C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1612-54-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1612-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1612-58-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1612-59-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download