89772842ac845fc4440847aefedb52f07a4aea8c27a986e3fd2b9c6b08140185

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2023, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
Size

434KB
MD5

32779bb4eda0b1834dc50d88f4930c3e
SHA1

7041fb14c8593d2657d4244d6930a35a2745f96e
SHA256

8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7
SHA512

aeb8e88e9b016df87228be72517694f1c382fde0e1f42bb3e91f0fba22ef8abc7298aec89cb8439d1c1bb20ae2429f1d4bee5a99f9fd78f4a8d7840ca856b0c8
SSDEEP

12288:ObfJmY1oCMa3Wyex7ykWynLSKJ13oqnuj/ro:O7bKCM0ax7ykWynLRJ1Y+uTro

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 18 IoCs

flow	pid	Process
15	656	cmd.exe
16	656	cmd.exe
17	656	cmd.exe
27	656	cmd.exe
28	656	cmd.exe
42	656	cmd.exe
43	656	cmd.exe
44	656	cmd.exe
48	656	cmd.exe
52	656	cmd.exe
53	656	cmd.exe
54	656	cmd.exe
58	656	cmd.exe
59	656	cmd.exe
60	656	cmd.exe
61	656	cmd.exe
62	656	cmd.exe
63	656	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2468 set thread context of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
656	cmd.exe
656	cmd.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82
PID 2468 wrote to memory of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82
PID 2468 wrote to memory of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82
PID 2468 wrote to memory of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82
PID 2468 wrote to memory of 656	2468	8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe	82

C:\Users\Admin\AppData\Local\Temp\8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe
"C:\Users\Admin\AppData\Local\Temp\8a93eabf56949eb69dc5c81a39645fec215d967d126751a8bb72e2f90a3c41c7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\fdbfecc\echfdkk\dadhbef

Filesize
180B

MD5
524482ef797d04c0bcf66677da019c29

SHA1
8af54e85a8bc70b81b73d01e1c53cb8173c15944

SHA256
de0921fb4cf301b3985362507aad608ad3fd66200e16e90d4e749eb6ac0a835a

SHA512
57166c4cc1abf800b211bdc6fc539a4d7fb0548dd40696c3a24685e09098ef014bc5ca3d050aa35cacd4d8517b3c80a2500b9d5f382ac15a39100e06dea816f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\hffbdac

Filesize
136B

MD5
d0a223e4e19538f6cd46e0c62f26da49

SHA1
420dbf4d876635fccf7f34df79ee7cd3574ec8d2

SHA256
d709668a4d75eab598a62b4fa36e1edef03d873ec96241426d8a56a0ad2363e6

SHA512
e51b59e9a2cbf84e0016b59f4f06ff349ba2b3aa32dd9c012cb6d2851f70c853b9f869b2a6b09ca3b74c9dbc688da2b3174f4b1f492948edd5d36a5b4971083a

Download Submit
memory/656-138-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-135-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-139-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-137-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-144-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-145-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-143-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-146-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-147-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/656-148-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2468-136-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download