43f73f7e50ee7608fd1fa98684faa06ce16275cc15d7cbd902aa799ca542f931 | Triage

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f90c57f0cfaa5f0c41d298795b0a8af.exe
Size

215KB
MD5

0f90c57f0cfaa5f0c41d298795b0a8af
SHA1

61d787db9960990e1c8cde6988330afb42dc1b4e
SHA256

43f73f7e50ee7608fd1fa98684faa06ce16275cc15d7cbd902aa799ca542f931
SHA512

dc62c7516c141ef79c508ef18a418c5a3655117cc92c49ea690bc5180f56ce59373e2151ae9c171454642fa163ad837a01d1e06d07cca103b8d6faac93929dc9
SSDEEP

6144:lbbOpezXmwUcZeAHPeuPbf4lv+uUbW6y3/tWM0:lbCpermDcZeHuP7SPT6MU

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3156 set thread context of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91
PID 3156 wrote to memory of 2768	3156	0f90c57f0cfaa5f0c41d298795b0a8af.exe	91

C:\Users\Admin\AppData\Local\Temp\0f90c57f0cfaa5f0c41d298795b0a8af.exe
"C:\Users\Admin\AppData\Local\Temp\0f90c57f0cfaa5f0c41d298795b0a8af.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\Temp\0f90c57f0cfaa5f0c41d298795b0a8af.exe
  "C:\Users\Admin\AppData\Local\Temp\0f90c57f0cfaa5f0c41d298795b0a8af.exe"
  2⤵
  PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2768-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2768-2-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2768-3-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2768-4-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download