Analysis
- max time kernel: 88s
- max time network: 141s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2023 10:24
- Static task: static1
- Behavioral task: behavioral1 (sample 7336f79a5f062008e1b29b842cd200f9.exe, resource win7-20221111-en)
- Behavioral task: behavioral2 (sample 7336f79a5f062008e1b29b842cd200f9.exe, resource win10v2004-20220812-en)
General
- Target: 7336f79a5f062008e1b29b842cd200f9.exe
- Size: 765KB
- MD5: 7336f79a5f062008e1b29b842cd200f9
- SHA1: b46cbaaacbd0719f271f11c7623a39a7b325d7b3
- SHA256: e3a27c3ad8688d37503d3cce23029ccaf3c66b795250f6149efbd715921dd09f
- SHA512: 8d265a418a4a7b668e73e1145fbb31ffa3f755d483172e3dd2a2d598cdbaa03d1c043dfb867af5a2eb0b19a961466a8adfe215c955fbb176be53df181ca77fa5
- SSDEEP: 12288:Mt4y1KMtEwcU3gZ+GQzjkATGds/2B4LwNkSVVLJc1E5UYY7BTOqm+6KV11Ipr:2f1K6AAgZbQzlGYs4LwnreYGIj+VVPq
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description | pid | process | target process):
  PID 4460 set thread context of 3716 | 4460 | 7336f79a5f062008e1b29b842cd200f9.exe | 7336f79a5f062008e1b29b842cd200f9.exe
- Suspicious behavior: EnumeratesProcesses (13 IoCs)
  Processes (pid | process):
  4460 | 7336f79a5f062008e1b29b842cd200f9.exe (11 entries)
  3716 | 7336f79a5f062008e1b29b842cd200f9.exe (2 entries)
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description | pid | process):
  Token: SeDebugPrivilege | 4460 | 7336f79a5f062008e1b29b842cd200f9.exe
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description | pid | process | target process):
  PID 4460 wrote to memory of 3716 | 4460 | 7336f79a5f062008e1b29b842cd200f9.exe | 7336f79a5f062008e1b29b842cd200f9.exe (6 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe"
  Depth: 1
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7336f79a5f062008e1b29b842cd200f9.exe"
    Depth: 2 (child process)
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/3716-137-0x0000000000000000-mapping.dmp
- memory/3716-138-0x0000000000400000-0x000000000042F000-memory.dmp (filesize 188KB)
- memory/3716-139-0x0000000000400000-0x000000000042F000-memory.dmp (filesize 188KB)
- memory/3716-140-0x00000000018C0000-0x0000000001C0A000-memory.dmp (filesize 3.3MB)
- memory/4460-132-0x00000000009B0000-0x0000000000A76000-memory.dmp (filesize 792KB)
- memory/4460-133-0x0000000005AD0000-0x0000000006074000-memory.dmp (filesize 5.6MB)
- memory/4460-134-0x0000000005430000-0x00000000054C2000-memory.dmp (filesize 584KB)
- memory/4460-135-0x0000000005420000-0x000000000542A000-memory.dmp (filesize 40KB)
- memory/4460-136-0x0000000009270000-0x000000000930C000-memory.dmp (filesize 624KB)