Overview

overview

5

Static

static

3

file.exe

windows7-x64

5

file.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    142s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    393KB

  • MD5

    0d3f96da2c8ad30d9dbc375b179b2976

  • SHA1

    a0c9aeca29d0e97be12a0574929f8fa7536b6997

  • SHA256

    e71980169befd0ee7f9aad24d5023b5f2fac343ed50b7e32547851663a457930

  • SHA512

    68de0150030d678afd6dbff7df4e29b8e53e8133880ba9ff4aa9e791ce709c29354627fadc159a71f0767d749633c5627ce8a75fd54911f280a3b3b4be5902a2

  • SSDEEP

    6144:RuTjEQ2jicP5iOo2T8VrSd/sUAOLklmEJngBTh64yrveh9eRaL510X91Sa:RuT9qiG59ou9k16h6482hHu1Sa

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
        PID:3740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3740-0-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3740-1-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3740-2-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3740-3-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/3740-4-0x0000000000400000-0x000000000042F000-memory.dmp

      Filesize

      188KB

      Download