3bf0b9a7dd83d80d5e34ace658993c1ef171e70795a74a4c24027f63a856132a | Triage

Analysis

max time kernel
136s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:35

Sharing

Report Analysis Logs

General

Target

048ffc50e8fd7aea9c52cf48ac6d507f.exe
Size

476KB
MD5

048ffc50e8fd7aea9c52cf48ac6d507f
SHA1

6c3c968d41e9796743806f0c00deb5b3b4b1cab1
SHA256

3bf0b9a7dd83d80d5e34ace658993c1ef171e70795a74a4c24027f63a856132a
SHA512

4b4bd23d3b49b1d08c3dab3f224e4fbc312c3da224ee43e46630f06269362fdccb9bc489acda531a8a06cda51bc8f65c3b3f80b6d8a9e35191cdf52da02ffec3
SSDEEP

6144:QyJZv5zFiIO5K9vxsJr6x7oEooLuV9u3SKk9e2dkIZFF2Ad:QcLFQ6KEHi9J

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1752 set thread context of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20
PID 1752 wrote to memory of 5036	1752	048ffc50e8fd7aea9c52cf48ac6d507f.exe	20

C:\Users\Admin\AppData\Local\Temp\048ffc50e8fd7aea9c52cf48ac6d507f.exe
"C:\Users\Admin\AppData\Local\Temp\048ffc50e8fd7aea9c52cf48ac6d507f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\048ffc50e8fd7aea9c52cf48ac6d507f.exe
  "C:\Users\Admin\AppData\Local\Temp\048ffc50e8fd7aea9c52cf48ac6d507f.exe"
  2⤵
  PID:5036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5036-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5036-2-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5036-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download