89772842ac845fc4440847aefedb52f07a4aea8c27a986e3fd2b9c6b08140185

Analysis

max time kernel
145s
max time network
148s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
11/08/2023, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
Size

434KB
MD5

32779bb4eda0b1834dc50d88f4930c3e
SHA1

7041fb14c8593d2657d4244d6930a35a2745f96e
SHA256

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7
SHA512

aeb8e88e9b016df87228be72517694f1c382fde0e1f42bb3e91f0fba22ef8abc7298aec89cb8439d1c1bb20ae2429f1d4bee5a99f9fd78f4a8d7840ca856b0c8
SSDEEP

12288:ObfJmY1oCMa3Wyex7ykWynLSKJ13oqnuj/ro:O7bKCM0ax7ykWynLRJ1Y+uTro

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 17 IoCs

flow	pid	Process
4	2520	cmd.exe
5	2520	cmd.exe
6	2520	cmd.exe
8	2520	cmd.exe
9	2520	cmd.exe
10	2520	cmd.exe
11	2520	cmd.exe
12	2520	cmd.exe
14	2520	cmd.exe
15	2520	cmd.exe
16	2520	cmd.exe
17	2520	cmd.exe
19	2520	cmd.exe
20	2520	cmd.exe
21	2520	cmd.exe
22	2520	cmd.exe
23	2520	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2068 set thread context of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
2520	cmd.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28
PID 2068 wrote to memory of 2520	2068	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	28

C:\Users\Admin\AppData\Local\Temp\8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
"C:\Users\Admin\AppData\Local\Temp\8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\hfhbfag\bcdefgd\hbhbkha

Filesize
180B

MD5
31bdfa92df8c0639574b165a487213da

SHA1
9582b20229b081bc4b12773e90a6b80884cc147c

SHA256
9477280262365f9fed5b5eeb8e23e1ffc45ed352999ed210af61eae1347404d7

SHA512
fa969b3ea65de9441fa2cb587d36836cb619ac4e186f88659471499c75918d0ac763bf718fad5f2d16f7c963d3943378304cb5f88b5431067e33aca0a2eca30d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cbhcbkd

Filesize
136B

MD5
d0a223e4e19538f6cd46e0c62f26da49

SHA1
420dbf4d876635fccf7f34df79ee7cd3574ec8d2

SHA256
d709668a4d75eab598a62b4fa36e1edef03d873ec96241426d8a56a0ad2363e6

SHA512
e51b59e9a2cbf84e0016b59f4f06ff349ba2b3aa32dd9c012cb6d2851f70c853b9f869b2a6b09ca3b74c9dbc688da2b3174f4b1f492948edd5d36a5b4971083a

Download Submit
memory/2068-57-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-56-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-58-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-59-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-60-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-64-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-65-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-66-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-68-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2520-69-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download