Overview

overview

7

Static

static

3

2724c0cc7a...bb.exe

windows7-x64

7

2724c0cc7a...bb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2724c0cc7adeaf144a9f772b27009fbb.exe

  • Size

    48KB

  • MD5

    2724c0cc7adeaf144a9f772b27009fbb

  • SHA1

    219f5115dabe9ee2a2836c6a1c38ed803e32adec

  • SHA256

    dd4fd2160cb6c36f8fd633bf311699c505145211684965848e5ebee881aba57b

  • SHA512

    60ca7811eb611ea880b923c30ff97b1763f2f98f4ad1eb2dfab089612025a21047b834a4689fa87cb8292d4272ba1fc4a8d20a930f2609f4d615fbcfc260a4a6

  • SSDEEP

    768:tmXDtTNfb0EKA06c3p+xD/103coLF4NdFdMTfdE5jFeDq0X1a:IDtTR09UxjMpcrO8jEDqya

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2724c0cc7adeaf144a9f772b27009fbb.exe
    "C:\Users\Admin\AppData\Local\Temp\2724c0cc7adeaf144a9f772b27009fbb.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3320
    • C:\Users\Admin\AppData\Local\Temp\2724c0cc7adeaf144a9f772b27009fbb.exe
      C:\Users\Admin\AppData\Local\Temp\2724c0cc7adeaf144a9f772b27009fbb.exe
      2⤵
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:3724
      • C:\Windows\shvhost.exe
        "C:\Windows\shvhost.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:5072
        • C:\Windows\shvhost.exe
          C:\Windows\shvhost.exe
          4⤵
          • Executes dropped EXE
          PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2736-24-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2736-27-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/2736-30-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3724-2-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3724-3-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3724-0-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3724-4-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download

  • memory/3724-17-0x0000000000400000-0x0000000000451000-memory.dmp

    Filesize

    324KB

    Download