690e898fd01b69ac3eea36ac0bde48295eeb37b85a76ab96368b02dd7ee51615

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2023 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

3.3MB
MD5

0f188231c29fba40e8b3e76792464cff
SHA1

e231f8e1060915dcb83fcf383ce0c80dbb94b2ea
SHA256

690e898fd01b69ac3eea36ac0bde48295eeb37b85a76ab96368b02dd7ee51615
SHA512

2d430c8bc5d5473bcc41e22bff252f1c09e632a4baaa5da4ac011ba13bf102ccc7a80541293a965a6ff80ca47b3d4271fd1e35c878a2b4ff0123af172f16f803
SSDEEP

98304:sqNAQ6FGtvX6KN5hBAud6kDjGpUefle0GzDKKD:sqN5u06KN5hZnse0GzJ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 1772 set thread context of 2012 1772 tmp.exe cmd.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

tmp.execmd.exe

pid process

1772 tmp.exe
2012 cmd.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

tmp.execmd.exe

pid process

1772 tmp.exe
2012 cmd.exe

description	pid	process	target process
PID 1772 set thread context of 2012	1772	tmp.exe	cmd.exe

pid	process
1772	tmp.exe
2012	cmd.exe

pid	process
1772	tmp.exe
2012	cmd.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

tmp.execmd.exe

description	pid	process	target process
PID 1772 wrote to memory of 2012	1772	tmp.exe	cmd.exe
PID 1772 wrote to memory of 2012	1772	tmp.exe	cmd.exe
PID 1772 wrote to memory of 2012	1772	tmp.exe	cmd.exe
PID 1772 wrote to memory of 2012	1772	tmp.exe	cmd.exe
PID 2012 wrote to memory of 3304	2012	cmd.exe	explorer.exe
PID 2012 wrote to memory of 3304	2012	cmd.exe	explorer.exe
PID 2012 wrote to memory of 3304	2012	cmd.exe	explorer.exe
PID 2012 wrote to memory of 3304	2012	cmd.exe	explorer.exe
PID 2012 wrote to memory of 3304	2012	cmd.exe	explorer.exe

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:3304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1583f49c

Filesize
1.0MB

MD5
acbb6606ef44743331ade37f467b16fe

SHA1
f8450fd0fbe57473400af4e574acb039a1c245a1

SHA256
3a604893c13ef48950f68f5db40b1590f2f3ad69fa14d11b2c7280243093833e

SHA512
13842e9d9eede7c21a542319c3aff03255df2d8bcf2e91a4b2753f8e0a5ea696e906889b46f4eecaa01643622e249736f18bdf7af653e80f9a9a3970953cb381

Download Submit
memory/1772-0-0x0000000000400000-0x000000000075D000-memory.dmp

Filesize
3.4MB

Download
memory/1772-2-0x0000000075C10000-0x0000000075CCF000-memory.dmp

Filesize
764KB

Download
memory/1772-3-0x0000000075C10000-0x0000000075CCF000-memory.dmp

Filesize
764KB

Download
memory/1772-4-0x0000000075C10000-0x0000000075CCF000-memory.dmp

Filesize
764KB

Download
memory/2012-9-0x00000000014E0000-0x000000000159F000-memory.dmp

Filesize
764KB

Download
memory/2012-7-0x00007FF9C0B70000-0x00007FF9C0D65000-memory.dmp

Filesize
2.0MB

Download
memory/2012-10-0x00000000014E0000-0x000000000159F000-memory.dmp

Filesize
764KB

Download
memory/3304-12-0x0000000000290000-0x000000000030A000-memory.dmp

Filesize
488KB

Download
memory/3304-13-0x00007FF9C0B70000-0x00007FF9C0D65000-memory.dmp

Filesize
2.0MB

Download
memory/3304-14-0x0000000000290000-0x000000000030A000-memory.dmp

Filesize
488KB

Download
memory/3304-15-0x0000000000B80000-0x0000000000FB3000-memory.dmp

Filesize
4.2MB

Download
memory/3304-16-0x0000000000290000-0x000000000030A000-memory.dmp

Filesize
488KB

Download
memory/3304-17-0x0000000000290000-0x000000000030A000-memory.dmp

Filesize
488KB

Download