Analysis

max time kernel: 140s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 21-10-2023 16:06

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe
Resource: win10v2004-20231020-en (windows10-2004-x64)
2 signatures, 150 seconds
General

Target: 43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe
Size: 418KB
MD5: 72516113d76c75efa92ed61db2124744
SHA1: 8432d42ab09076446dbc3096089635ed83da3c43
SHA256: 43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c
SHA512: fbced8f4b1a057b4bdeadc730af24e859c864d8f3daaba4f4a2a3c0cd55cebd3fbe0d2f110e9e4062a5e0b5a645094814c9d6d34b10a9e9a21aac5bcceded546
SSDEEP: 12288:yajqwxcQPiirTQw5X06OeW5UrCly95x269j:Lxcqr5E6OTKVD9j
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)

description                          pid   Process                                                                procid_target
PID 3696 set thread context of 5028  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  87

Suspicious use of WriteProcessMemory (25 IoCs; identical rows grouped, with the number of times each occurs)

description                       pid   Process                                                                procid_target  count
PID 3696 wrote to memory of 1220  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  82             3
PID 3696 wrote to memory of 4636  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  83             3
PID 3696 wrote to memory of 4208  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  84             3
PID 3696 wrote to memory of 3416  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  85             3
PID 3696 wrote to memory of 3132  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  86             3
PID 3696 wrote to memory of 5028  3696  43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe  87             10
Processes

C:\Users\Admin\AppData\Local\Temp\43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe"
  PID: 3696
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

  Child processes of PID 3696 (each with the same image and command line):

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 1220

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 4636

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 4208

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 3416

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 3132

    C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 5028
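Added example, not part of the sandbox report: a small Python correlator that re-parses the two signature tables and the process tree above and flags the child that received both a remote memory write and a SetThreadContext call from the same parent. That pairing (write a payload into a freshly spawned legitimate host such as AppLaunch.exe, then redirect one of its threads) is the sequence an analyst looks for when triaging injection or process-hollowing behaviour. The IoC rows are constructed from the report's own tables, grouped by target with their occurrence counts; the regex assumes the flattened column order shown on this page (description, pid, Process, procid_target), which is an assumption about the export format rather than a documented schema.

```python
"""Correlate sandbox IoC rows into per-(parent, child) injection evidence."""
import re
from dataclasses import dataclass

SAMPLE = "43f7a254794f690568cda3087a94655b1e277397ee2e5fb34bfc6c18cd6cf05c.exe"

# Rows constructed from the report's signature tables:
# (action text, target pid, procid_target, number of identical rows).
ROWS = [
    ("set thread context of", 5028, 87, 1),
    ("wrote to memory of", 1220, 82, 3),
    ("wrote to memory of", 4636, 83, 3),
    ("wrote to memory of", 4208, 84, 3),
    ("wrote to memory of", 3416, 85, 3),
    ("wrote to memory of", 3132, 86, 3),
    ("wrote to memory of", 5028, 87, 10),
]
# Expand to the flattened line form the page uses:
# "PID <pid> <action> <target> <pid> <image> <procid_target>"
REPORT_LINES = [
    f"PID 3696 {action} {target} 3696 {SAMPLE} {procid}"
    for action, target, procid, count in ROWS
    for _ in range(count)
]

# Assumed column layout, matching this page; the second pid column repeats the first.
IOC_RE = re.compile(
    r"^PID (?P<pid>\d+) (?P<action>set thread context of|wrote to memory of) "
    r"(?P<target>\d+) (?P=pid) (?P<image>\S+) (?P<procid>\d+)$"
)


@dataclass
class Interaction:
    """Everything one parent did to one child process, across all IoC rows."""
    parent: int
    target: int
    procid_target: int
    image: str
    writes: int = 0          # WriteProcessMemory rows seen
    thread_context: int = 0  # SetThreadContext rows seen


def parse_iocs(lines):
    """Fold flattened IoC lines into a {(parent, child): Interaction} table."""
    table = {}
    for line in lines:
        m = IOC_RE.match(line.strip())
        if not m:
            continue  # unrelated or differently formatted row
        key = (int(m["pid"]), int(m["target"]))
        rec = table.setdefault(
            key, Interaction(key[0], key[1], int(m["procid"]), m["image"])
        )
        if m["action"].startswith("wrote"):
            rec.writes += 1
        else:
            rec.thread_context += 1
    return table


def hollowing_candidates(table):
    """(parent, child) pairs with both a remote write and a thread-context change."""
    return sorted(k for k, r in table.items() if r.writes and r.thread_context)


def write_only_targets(table):
    """Children that were written to but never had a thread context set."""
    return sorted(k[1] for k, r in table.items() if r.writes and not r.thread_context)


if __name__ == "__main__":
    table = parse_iocs(REPORT_LINES)
    for parent, child in hollowing_candidates(table):
        rec = table[(parent, child)]
        print(f"{parent} -> {child}: {rec.writes} writes + "
              f"{rec.thread_context} SetThreadContext ({rec.image})")
    print("write-only children:", write_only_targets(table))
```

Run against the rows above, the correlator singles out child 5028 (ten writes followed by a SetThreadContext) and lists 1220, 3132, 3416, 4208 and 4636 as AppLaunch.exe instances that received writes but no thread-context change. The report itself does not say why five hosts were written to and only the last one redirected; confirming what was injected would need a memory dump of 5028, which this page does not include, so the 5/10 score should be read as "injection-shaped behaviour observed" rather than a verdict on the payload.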