Overview

overview

5

Static

static

3

39dc44c427...ed.exe

windows7-x64

5

39dc44c427...ed.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39dc44c4275b057fc9094e41a59de1ed.exe

  • Size

    64KB

  • MD5

    39dc44c4275b057fc9094e41a59de1ed

  • SHA1

    6bb6fe36253dcd29b1d5782bae90de5d73c92801

  • SHA256

    50de9bc3a0e461be9e2ec3e1c68a1a24a2485289976539de6e88b770fbdbb345

  • SHA512

    dfecf58d54c0b1ed431eaeb3bd8366c106df119c27179a85930eab4eb0a470089c8dbd586c10e9b03049f5db464ac02205bf937e1adda03ea0f3d7c92d270516

  • SSDEEP

    1536:o8LgVqXMwv3Rm0BY9UAQvf9gSqEjHhWQTDgeqQY:oknw0BYGAQXqihZPgeq

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39dc44c4275b057fc9094e41a59de1ed.exe
    "C:\Users\Admin\AppData\Local\Temp\39dc44c4275b057fc9094e41a59de1ed.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\SysWOW64\runas.exe
      runas.exe
      2⤵
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\xyidebrxmpdesjr
    Filesize

    190B

    MD5

    472c0fdb9f7cec9559ea2e791a93f7d5

    SHA1

    9ecc622bc1359ccbaf6d89417ba9eee45039991b

    SHA256

    0008cd89443d06866fb85a535bf5c03cd2fa061046a5b4d8e63386e88b0dd30f

    SHA512

    c449682545fd641846bf0e859a994d73429ed8da686743cec8d39c32258eeedfee608979d941df1c2e831063b6d599af674d5dee44a832ab0734bc649ca01d90

    Download Submit

  • memory/1384-68-0x0000000002AF0000-0x0000000002AFE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1888-1-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/1888-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-5-0x0000000000080000-0x00000000000A8000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2792-7-0x0000000000080000-0x00000000000A8000-memory.dmp

    Filesize

    160KB

    Download