Overview

overview

7

Static

static

3

tmp.exe

windows7-x64

7

tmp.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2023, 15:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    935KB

  • MD5

    bebe3cc434f6afdb0f0cef4f13b78aa3

  • SHA1

    b64b31a530a6308c636c6aae2852986182971017

  • SHA256

    6f1c291cb4ee985a93a6f4b1c24b9f6e479149f074bc9575701f7c9793748550

  • SHA512

    8d0a961894fa2782167d93625bbe51ba56ef328b21c754e9f20523c08cd934a7f955165881d8f5d9a2a7a587fcc59ddf6f821eee3b80b1a25f91e4f94a41c3a7

  • SSDEEP

    24576://0JW4NPRsBu+SNbj0nqVktuQu3GYfpBhtD/:TCX10nqVkaWY3

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3096
    • C:\Users\Admin\AppData\Local\Temp\tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:5100
      • C:\Users\Admin\AppData\Local\Temp\tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4068
    • C:\Windows\SysWOW64\help.exe
      "C:\Windows\SysWOW64\help.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:1648

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2684-38-0x0000000001100000-0x00000000011A2000-memory.dmp

            Filesize

            648KB

            Download

          • memory/2684-37-0x0000000000A60000-0x0000000000A9A000-memory.dmp

            Filesize

            232KB

            Download

          • memory/2684-27-0x0000000001100000-0x00000000011A2000-memory.dmp

            Filesize

            648KB

            Download

          • memory/2684-26-0x0000000000A60000-0x0000000000A9A000-memory.dmp

            Filesize

            232KB

            Download

          • memory/2684-25-0x00000000011F0000-0x000000000153A000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/2684-22-0x0000000000A60000-0x0000000000A9A000-memory.dmp

            Filesize

            232KB

            Download

          • memory/2684-21-0x0000000000A60000-0x0000000000A9A000-memory.dmp

            Filesize

            232KB

            Download

          • memory/3096-20-0x000000000CDC0000-0x000000000EDA6000-memory.dmp

            Filesize

            31.9MB

            Download

          • memory/3096-39-0x0000000002E90000-0x0000000002F68000-memory.dmp

            Filesize

            864KB

            Download

          • memory/3096-30-0x000000000CDC0000-0x000000000EDA6000-memory.dmp

            Filesize

            31.9MB

            Download

          • memory/3096-29-0x0000000002E90000-0x0000000002F68000-memory.dmp

            Filesize

            864KB

            Download

          • memory/3096-28-0x0000000002E90000-0x0000000002F68000-memory.dmp

            Filesize

            864KB

            Download

          • memory/4068-17-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/4068-24-0x0000000001480000-0x00000000014A3000-memory.dmp

            Filesize

            140KB

            Download

          • memory/4068-15-0x0000000001100000-0x000000000144A000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4068-16-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/4068-23-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/4068-18-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/4068-19-0x0000000001480000-0x00000000014A3000-memory.dmp

            Filesize

            140KB

            Download

          • memory/4068-12-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/5100-7-0x00000000059C0000-0x00000000059DA000-memory.dmp

            Filesize

            104KB

            Download

          • memory/5100-10-0x0000000006980000-0x0000000006A16000-memory.dmp

            Filesize

            600KB

            Download

          • memory/5100-1-0x00000000751D0000-0x0000000075980000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/5100-14-0x00000000751D0000-0x0000000075980000-memory.dmp

            Filesize

            7.7MB

            Download

          • memory/5100-9-0x0000000002670000-0x000000000267A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/5100-8-0x00000000059E0000-0x00000000059E8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/5100-11-0x0000000006AB0000-0x0000000006B4C000-memory.dmp

            Filesize

            624KB

            Download

          • memory/5100-6-0x00000000050C0000-0x00000000050CA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/5100-5-0x0000000004BF0000-0x0000000004C00000-memory.dmp

            Filesize

            64KB

            Download

          • memory/5100-4-0x0000000004CC0000-0x0000000005014000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/5100-3-0x0000000004C20000-0x0000000004CB2000-memory.dmp

            Filesize

            584KB

            Download

          • memory/5100-2-0x0000000005130000-0x00000000056D4000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/5100-0-0x0000000000100000-0x00000000001F0000-memory.dmp

            Filesize

            960KB

            Download