Overview

overview

5

Static

static

3

TT COPY_EUR88,000.exe

windows7-x64

5

TT COPY_EUR88,000.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TT COPY_EUR88,000.exe

  • Size

    647KB

  • MD5

    6befcaeb9a7e63e4e08065d7731e957e

  • SHA1

    7bd8ada4b3844b9046823f601211a603040a2038

  • SHA256

    8ded0da09fc0b8996bbca51a3f001669e85a74b7da56a64d97c1168c8d6a4b0d

  • SHA512

    323dd2c239cee687de9c3d31e886e9fc7197976a8f9c672afff4dbf128e7a9889e18a76c2028595e9e02853fb8815b7bcc8ea6cae0e76b33cb05e4ce954037be

  • SSDEEP

    12288:yKMmomWOHSk53jjSOciaJbvwqsjGVrS40HvpfUX57/ETRP9b6iDZzXkRF8F:8b/Bk9jj3cXmAMHvpfUlEFZ6iNzXkRiF

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3352
    • C:\Users\Admin\AppData\Local\Temp\TT COPY_EUR88,000.exe
      "C:\Users\Admin\AppData\Local\Temp\TT COPY_EUR88,000.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:3768
      • C:\Users\Admin\AppData\Local\Temp\TT COPY_EUR88,000.exe
        "C:\Users\Admin\AppData\Local\Temp\TT COPY_EUR88,000.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1020
    • C:\Windows\SysWOW64\chkntfs.exe
      "C:\Windows\SysWOW64\chkntfs.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1020-13-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1020-24-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1020-25-0x0000000001080000-0x00000000010A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1020-21-0x0000000001080000-0x00000000010A4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1020-20-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1020-19-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1020-18-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1020-17-0x00000000010B0000-0x00000000013FA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1020-15-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/2680-22-0x0000000000740000-0x000000000077A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2680-23-0x0000000000740000-0x000000000077A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2680-29-0x0000000000740000-0x000000000077A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2680-28-0x0000000002830000-0x00000000028D3000-memory.dmp

    Filesize

    652KB

    Download

  • memory/2680-27-0x0000000000740000-0x000000000077A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2680-26-0x0000000002960000-0x0000000002CAA000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/3768-8-0x00000000052E0000-0x00000000052F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3768-16-0x0000000074790000-0x0000000074F40000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3768-6-0x00000000052D0000-0x00000000052E4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3768-5-0x00000000050E0000-0x00000000050EA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3768-4-0x00000000052E0000-0x00000000052F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/3768-3-0x0000000005140000-0x00000000051D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/3768-0-0x00000000007D0000-0x0000000000878000-memory.dmp

    Filesize

    672KB

    Download

  • memory/3768-7-0x0000000074790000-0x0000000074F40000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3768-2-0x00000000056F0000-0x0000000005C94000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/3768-1-0x0000000074790000-0x0000000074F40000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3768-9-0x0000000005430000-0x000000000543A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3768-10-0x0000000005440000-0x000000000544E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3768-12-0x0000000008C60000-0x0000000008CFC000-memory.dmp

    Filesize

    624KB

    Download

  • memory/3768-11-0x0000000006520000-0x000000000659E000-memory.dmp

    Filesize

    504KB

    Download