Overview

overview

5

Static

static

3

6a0dea5207...98.exe

windows7-x64

5

6a0dea5207...98.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a0dea5207894c149d4b64a63bdd0298.exe

  • Size

    112KB

  • MD5

    6a0dea5207894c149d4b64a63bdd0298

  • SHA1

    85f0fec7f808b5cce306a800e8c0353e9aa25dd2

  • SHA256

    6ef9c94fd73a0beb8eebc6b4b09b3c37dc6c8c99b815fbb3d39ddb04b57eedef

  • SHA512

    486f9292b87624a61061e85dd3a8d237309108dd0618bf950d7ea423456f73ff2396b88e6042f575a9d94700e1f395e1a73d77c5120c0cda231fcee3975e88cb

  • SSDEEP

    3072:etGuBfd0yUYl06ZAlzB91zczKuPi5wUuaL0PUVNN:5auPIeua6U9LL

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1252
      • C:\Users\Admin\AppData\Local\Temp\6a0dea5207894c149d4b64a63bdd0298.exe
        "C:\Users\Admin\AppData\Local\Temp\6a0dea5207894c149d4b64a63bdd0298.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:2888
        • C:\Users\Admin\AppData\Local\Temp\6a0dea5207894c149d4b64a63bdd0298.exe
          "C:\Users\Admin\AppData\Local\Temp\6a0dea5207894c149d4b64a63bdd0298.exe"
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2784

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2784-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2784-7-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2784-9-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2888-0-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2888-2-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2888-1-0x0000000002540000-0x0000000002541000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2888-3-0x0000000000310000-0x0000000000311000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2888-4-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/2888-8-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download