5b2cfe870cac31fc2e4d5f45404769241f63e0c688d37cfde029d17bf5ca506c | Triage

Analysis

max time kernel
151s
max time network
168s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 19:36

Sharing

Report Analysis Logs

General

Target

3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe
Size

1KB
MD5

3db2ef20ce6bc2cdf893bd6e0b7fc3e0
SHA1

218a5ad711ad931dd623df331171c6d88e223da2
SHA256

5b2cfe870cac31fc2e4d5f45404769241f63e0c688d37cfde029d17bf5ca506c
SHA512

1b67c5adef50ce346d03b9b367e30e3dff0382f70fea1f416b9884844a95364ecfbdb56e88c8f528a553bbd217e9fa974653d0b00760fa08247a2fe133c44c36

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2404 set thread context of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28
PID 2404 wrote to memory of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28
PID 2404 wrote to memory of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28
PID 2404 wrote to memory of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28
PID 2404 wrote to memory of 2324	2404	3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe	28

C:\Users\Admin\AppData\Local\Temp\3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe
"C:\Users\Admin\AppData\Local\Temp\3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe C:\Users\Admin\AppData\Local\Temp\3db2ef20ce6bc2cdf893bd6e0b7fc3e0.exe
  2⤵
  - Deletes itself
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2324-3-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2324-4-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2404-2-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download