Analysis
max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted
25-12-2023 10:53
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
18aab6bd6edf488b52939c676683a08f.exe
Resource
win7-20231215-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
18aab6bd6edf488b52939c676683a08f.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
2 signatures
150 seconds
General
Target
18aab6bd6edf488b52939c676683a08f.exe
Size
35KB
MD5
18aab6bd6edf488b52939c676683a08f
SHA1
befc51bb852cbbec2d09739678cab135a6b0d0b6
SHA256
3a19798939c9577a51be3142273f5e2730b12d5a0ab15af74ef6e9537853c800
SHA512
ec639c7d8a95e0e97556acb62e19e9a08489d5d19d86b818ab5950fa39b474a0638e0aa1e02443dfa9ffe8b81d17d2bcdd58551294fda100aec84dcb0216d87b
SSDEEP
384:pQKxzGConR5NkBEabXx5EgJgLa0MapjzbTJ0QomOhA1z0s7j5gQVgpRUo3sajE:ltjW5Nk1LbgLa1oXl0Ju0dVI
Score
5/10
Malware Config
Signatures
Suspicious use of SetThreadContext 1 IoCs
description | pid | Process | procid_target
PID 4476 set thread context of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
PID 4476 wrote to memory of 4524 | 4476 | 18aab6bd6edf488b52939c676683a08f.exe | 22
Processes
C:\Users\Admin\AppData\Local\Temp\18aab6bd6edf488b52939c676683a08f.exe
"C:\Users\Admin\AppData\Local\Temp\18aab6bd6edf488b52939c676683a08f.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4476
  C:\Users\Admin\AppData\Local\Temp\18aab6bd6edf488b52939c676683a08f.exe
  "C:\Users\Admin\AppData\Local\Temp\18aab6bd6edf488b52939c676683a08f.exe"
  PID:4524