Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-08-2023 20:57

General

  • Target

    ReadIRIS_v17_kg.exe

  • Size

    2.6MB

  • MD5

    1067711b85a5f50c51d780109349b9e1

  • SHA1

    c9bbfb120a1c3e7db63f6ef696378e998132210e

  • SHA256

    0c241370f0de0018abc3120a7ae3d1a76167be656d697c107dd5b9ccc2759d7b

  • SHA512

    d394615962f55a292dcb87ddb69ef6f55264e6b31dfa76e9631c6cb2bbeee9e21a217134963ece97c44381e35e04f0f882aee9dde5d7bd93fe51bb9b19982e38

  • SSDEEP

    49152:EV5Pf7cGwU/1fmgHomF2t7C4agB8PFNvX4G1h7VvswtOJKxusKd:y5beacgHo8qP8PFx7FZsZKxu

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ReadIRIS_v17_kg.exe
    "C:\Users\Admin\AppData\Local\Temp\ReadIRIS_v17_kg.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
        PID:2772
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2960

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1212-54-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-55-0x0000000076FB0000-0x0000000076FB2000-memory.dmp
    Filesize: 8KB
  • memory/1212-57-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-59-0x0000000000E10000-0x0000000000E11000-memory.dmp
    Filesize: 4KB
  • memory/1212-58-0x00000000010E0000-0x00000000010E1000-memory.dmp
    Filesize: 4KB
  • memory/1212-62-0x0000000002D90000-0x0000000002D91000-memory.dmp
    Filesize: 4KB
  • memory/1212-65-0x0000000000EA0000-0x0000000000EA1000-memory.dmp
    Filesize: 4KB
  • memory/1212-70-0x0000000000CB0000-0x0000000000CB1000-memory.dmp
    Filesize: 4KB
  • memory/1212-69-0x0000000000FB0000-0x0000000000FB1000-memory.dmp
    Filesize: 4KB
  • memory/1212-68-0x0000000000FC0000-0x0000000000FC1000-memory.dmp
    Filesize: 4KB
  • memory/1212-71-0x0000000000470000-0x0000000000471000-memory.dmp
    Filesize: 4KB
  • memory/1212-75-0x0000000000B80000-0x0000000000B81000-memory.dmp
    Filesize: 4KB
  • memory/1212-74-0x0000000002CB0000-0x0000000002CB1000-memory.dmp
    Filesize: 4KB
  • memory/1212-73-0x00000000010F0000-0x00000000010F1000-memory.dmp
    Filesize: 4KB
  • memory/1212-72-0x0000000000FD0000-0x0000000000FD1000-memory.dmp
    Filesize: 4KB
  • memory/1212-67-0x0000000000CA0000-0x0000000000CA1000-memory.dmp
    Filesize: 4KB
  • memory/1212-66-0x0000000000C40000-0x0000000000C41000-memory.dmp
    Filesize: 4KB
  • memory/1212-64-0x0000000002D40000-0x0000000002D41000-memory.dmp
    Filesize: 4KB
  • memory/1212-63-0x0000000000C50000-0x0000000000C51000-memory.dmp
    Filesize: 4KB
  • memory/1212-61-0x0000000000E00000-0x0000000000E01000-memory.dmp
    Filesize: 4KB
  • memory/1212-60-0x0000000002DA0000-0x0000000002DA1000-memory.dmp
    Filesize: 4KB
  • memory/1212-76-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-77-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-78-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-79-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-80-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-81-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-82-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-83-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-84-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-85-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-86-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-87-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-88-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-89-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-90-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB
  • memory/1212-91-0x0000000001200000-0x00000000018A0000-memory.dmp
    Filesize: 6.6MB