d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894

Analysis

max time kernel
128s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
16/08/2023, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe
Size

625KB
MD5

befe86e445eba5dcc6a5ffc3c579fe1e
SHA1

63a6245817b31e85f616b41598872e0de5127d89
SHA256

d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894
SHA512

24947a93604a3772a0a6b6be50e44a8db86bec49a70dc89c06985dfe8b1d3eed35e996aeac1bc99d77fa0d36b3ee39f4ca876c6796ecb4e0612f417f5a64b5df
SSDEEP

12288:FnPrce2xpDl+C2wqXiAOtbZpw/vls1N9XSDxVWc4VKzQoUwXYd22W5MC:FnPr6uvOtbZy/ve1NdU7h0ovz2kM

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3532 set thread context of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1960	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe
1960	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70
PID 3532 wrote to memory of 1960	3532	d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe	70

C:\Users\Admin\AppData\Local\Temp\d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe
"C:\Users\Admin\AppData\Local\Temp\d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Users\Admin\AppData\Local\Temp\d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe
  "C:\Users\Admin\AppData\Local\Temp\d1f88ae528bf7f14d38e798f0f8b4b2803ab815217625130df8343461dee9894.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-135-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1960-139-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1960-138-0x00000000010D0000-0x00000000013F0000-memory.dmp

Filesize
3.1MB

Download
memory/3532-130-0x0000000073420000-0x0000000073B0E000-memory.dmp

Filesize
6.9MB

Download
memory/3532-132-0x0000000004D90000-0x0000000004D9E000-memory.dmp

Filesize
56KB

Download
memory/3532-127-0x0000000004B10000-0x0000000004B1A000-memory.dmp

Filesize
40KB

Download
memory/3532-128-0x00000000054D0000-0x0000000005820000-memory.dmp

Filesize
3.3MB

Download
memory/3532-129-0x0000000004D80000-0x0000000004D92000-memory.dmp

Filesize
72KB

Download
memory/3532-122-0x0000000000200000-0x00000000002A2000-memory.dmp

Filesize
648KB

Download
memory/3532-131-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download
memory/3532-126-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download
memory/3532-133-0x0000000006AA0000-0x0000000006B12000-memory.dmp

Filesize
456KB

Download
memory/3532-134-0x0000000009130000-0x00000000091CC000-memory.dmp

Filesize
624KB

Download
memory/3532-125-0x0000000004B70000-0x0000000004C02000-memory.dmp

Filesize
584KB

Download
memory/3532-137-0x0000000073420000-0x0000000073B0E000-memory.dmp

Filesize
6.9MB

Download
memory/3532-124-0x0000000004FD0000-0x00000000054CE000-memory.dmp

Filesize
5.0MB

Download
memory/3532-123-0x0000000073420000-0x0000000073B0E000-memory.dmp

Filesize
6.9MB

Download