c6111bd18930543f8282a19505f7f73deb4567dcf75744fd13d3355402bc3bed

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2579b09f6eea6112edea3d6e5b7c6afe.exe
Size

576KB
MD5

2579b09f6eea6112edea3d6e5b7c6afe
SHA1

9af775290bca40cc15149d0a42796794910929f9
SHA256

c6111bd18930543f8282a19505f7f73deb4567dcf75744fd13d3355402bc3bed
SHA512

2d7f6c1e928eea8e7a045db8ba968820075034269e42555f572720b0a393fd45d8cdbd85384d5f9036076207654058684bbfa83e554b30e6a1b2d40c87047a29
SSDEEP

12288:e0IbsQoyZOu72KvvryrvawB7CnYR85BzZ25VsGJYz5xx5emqNAUNJ3WICoXKC2/6:eZqyF2KXryrv1Bipjs5Jg5b5emUAUNJx

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3004 set thread context of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 set thread context of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 set thread context of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3004	2579b09f6eea6112edea3d6e5b7c6afe.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 1380	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	28
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 3004 wrote to memory of 2296	3004	2579b09f6eea6112edea3d6e5b7c6afe.exe	29
PID 1380 wrote to memory of 2828	1380	2579b09f6eea6112edea3d6e5b7c6afe.exe	30

C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
"C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
  C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1380
- - C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
    "C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe"
    3⤵
    PID:2828
- C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
  C:\Users\Admin\AppData\Local\Temp\2579b09f6eea6112edea3d6e5b7c6afe.exe
  2⤵
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1380-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-4-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-6-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-8-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-9-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-10-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1380-14-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-11-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-16-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-41-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-18-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1380-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2296-39-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-31-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-25-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-49-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2296-27-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-47-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-29-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-42-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-46-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2296-23-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-37-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-19-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-15-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2296-45-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/2828-30-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2828-43-0x0000000000400000-0x0000000000401BDC-memory.dmp

Filesize
6KB

Download
memory/2828-40-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2828-32-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2828-26-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2828-22-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads