Overview

overview

7

Static

static

3

785c92b829...62.exe

windows7-x64

7

785c92b829...62.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    168s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 15:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    785c92b829a465a993a718ca45a96662.exe

  • Size

    95KB

  • MD5

    785c92b829a465a993a718ca45a96662

  • SHA1

    4c867b571a3b24d50bc8f20fa1848f8b882e2832

  • SHA256

    77f5946d6788181cb7fd12a1ba87e8111e75474e3576dda0be2caf88d5311237

  • SHA512

    516b43426b62210e81e5b693eba723e4ac9e79d6d199dda0ef97ab2c41dfdd445394ef978f0f7884545732bbdb182378d728d2b48a5c05fc030e329ef7894879

  • SSDEEP

    1536:Ux7s8I36fuxgv/9hEx1ppIjbEo1/tkZwyDxyd3KNx6bWnToIfAIOgGx:A73Iqfv0CbEO/tTyFSKNx6OTBf2gGx

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination 1 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\785c92b829a465a993a718ca45a96662.exe
    "C:\Users\Admin\AppData\Local\Temp\785c92b829a465a993a718ca45a96662.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2516
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\11993091.bat
      2⤵
        PID:3332
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        2⤵
          PID:776

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\11993091.bat
        Filesize

        238B

        MD5

        d954bb76e9cdd56f1f65c2b85b5ce559

        SHA1

        ce7e7bfecb4613a25c1994cecd67f87ddc6ad46f

        SHA256

        0a944704aaa25a40057fb9ebba3ec55559c845ceabaf9253caf569190853a3ac

        SHA512

        2c064794da0d0dfe4bc4170b1df51ba362919bb6b16da8a4a02e0ba540bf8bafcfed544f04bdb5a8f72b022c10e31e149948a6a63498b0dfa62fc36105492027

        Download Submit

      • memory/776-4-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/776-3-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/776-7-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2516-0-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download

      • memory/2516-5-0x0000000000400000-0x000000000042E000-memory.dmp

        Filesize

        184KB

        Download