e4627236e0996a44136c77798a5c41443488d99536e65a9e2c971803d5e6c73f | Triage

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:29

Sharing

Report Analysis Logs

General

Target

5067c2a84b065108dcf123bbf16bff6c.exe
Size

476KB
MD5

5067c2a84b065108dcf123bbf16bff6c
SHA1

43b0f8271cf4738baa8b45190289d10bc716e055
SHA256

e4627236e0996a44136c77798a5c41443488d99536e65a9e2c971803d5e6c73f
SHA512

ecd55fe4ab36ffb87cc397519529f4f9208cad668a79df708e831f103b07b72547fe15e9bccbaab25bed748b09047abee617144c1b69c65d46c5d2b78ddc2e06
SSDEEP

6144:QyJZv5zFiIO5K9vxsJr6x7oEooLuV9u3SKk9e2dkIZFF2Ag:QcLFQ6KEHi98

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3976 set thread context of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17
PID 3976 wrote to memory of 4436	3976	5067c2a84b065108dcf123bbf16bff6c.exe	17

C:\Users\Admin\AppData\Local\Temp\5067c2a84b065108dcf123bbf16bff6c.exe
"C:\Users\Admin\AppData\Local\Temp\5067c2a84b065108dcf123bbf16bff6c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Users\Admin\AppData\Local\Temp\5067c2a84b065108dcf123bbf16bff6c.exe
  "C:\Users\Admin\AppData\Local\Temp\5067c2a84b065108dcf123bbf16bff6c.exe"
  2⤵
  PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4436-2-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4436-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4436-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download