e0053ffea3a64ce4b5173dd3f143c8b4bf9c84c1531a85bce2dfefecf3eb1fea

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
Size

576KB
MD5

0bb376187cf8242293fcb8578e369fb2
SHA1

9bde167acf3f4146c339c62d212280d7c2b96391
SHA256

50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7
SHA512

75a327c874d83984e54a3c6b8b77fec5479b5205573bc3f036c7dd5ef35a037863d2266dc994808b6e3ed24cf9bac6bbbeb6cb4553b7418787a7615871249b34
SSDEEP

12288:6ZUEkSVn/1nKAjj7N14+l8QvbV5yu1Dm30IsQ456V614sAAk08:2UqVjjPl8m5ZTKSAO

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2340 set thread context of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4216	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
4216	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89
PID 2340 wrote to memory of 4216	2340	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	89

C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
"C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
  "C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2340-8-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/2340-9-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/2340-2-0x0000000005BB0000-0x0000000006154000-memory.dmp

Filesize
5.6MB

Download
memory/2340-3-0x0000000005600000-0x0000000005692000-memory.dmp

Filesize
584KB

Download
memory/2340-4-0x00000000057A0000-0x00000000057B0000-memory.dmp

Filesize
64KB

Download
memory/2340-6-0x0000000005850000-0x00000000058EC000-memory.dmp

Filesize
624KB

Download
memory/2340-5-0x0000000005790000-0x000000000579A000-memory.dmp

Filesize
40KB

Download
memory/2340-7-0x0000000005820000-0x0000000005832000-memory.dmp

Filesize
72KB

Download
memory/2340-1-0x0000000000B60000-0x0000000000BF6000-memory.dmp

Filesize
600KB

Download
memory/2340-10-0x0000000005980000-0x0000000005988000-memory.dmp

Filesize
32KB

Download
memory/2340-0-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/2340-11-0x0000000005BA0000-0x0000000005BAC000-memory.dmp

Filesize
48KB

Download
memory/2340-12-0x00000000063A0000-0x000000000641A000-memory.dmp

Filesize
488KB

Download
memory/2340-15-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/4216-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4216-16-0x0000000001A10000-0x0000000001D5A000-memory.dmp

Filesize
3.3MB

Download
memory/4216-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download