Overview

overview

5

Static

static

3

e-dekont.exe

windows7-x64

5

e-dekont.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    99s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 08:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e-dekont.exe

  • Size

    938KB

  • MD5

    1c808f1d1595115996f6abc5e855ae35

  • SHA1

    61bc2dffa9ed8d6d23768996f10625769659444a

  • SHA256

    3f72928d0f49086a7a5f96d15e5e3eb0dac7a7927da3717bc6d90d576877c88e

  • SHA512

    9e74e1323ac5964c873a9c0076dc21a2821621c33991a6f12524732b4e86aad84db8c340caddb5187ae61e160bfc4fc13edf40a25291080b191547a0347a15a6

  • SSDEEP

    12288:h85rryO3vT8NrsBYj/Ghvn4LrTMRziamZcUswhBYC1C9ivI3UJB2gTc603:C5rG8vT8ddJLSziamyUfhf1CInrc603

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates processes with tasklist 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e-dekont.exe
    "C:\Users\Admin\AppData\Local\Temp\e-dekont.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3424
    • C:\Users\Admin\AppData\Local\Temp\e-dekont.exe
      "C:\Users\Admin\AppData\Local\Temp\e-dekont.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2492
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3432
    • C:\Windows\SysWOW64\tasklist.exe
      "C:\Windows\SysWOW64\tasklist.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Enumerates processes with tasklist
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:4880
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:2816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2492-12-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2492-23-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2492-24-0x00000000016B0000-0x00000000016D1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2492-18-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2492-19-0x00000000016B0000-0x00000000016D1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/2492-17-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2492-16-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2492-15-0x0000000001710000-0x0000000001A5A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3424-8-0x0000000006E40000-0x0000000006EBE000-memory.dmp

      Filesize

      504KB

      Download

    • memory/3424-0-0x0000000000F60000-0x0000000001050000-memory.dmp

      Filesize

      960KB

      Download

    • memory/3424-10-0x0000000074E00000-0x00000000755B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3424-11-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3424-1-0x0000000074E00000-0x00000000755B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3424-14-0x0000000074E00000-0x00000000755B0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3424-7-0x0000000005BC0000-0x0000000005BCE000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3424-6-0x0000000005B80000-0x0000000005B9A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/3424-5-0x0000000005900000-0x000000000590A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/3424-4-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3424-2-0x0000000005DE0000-0x0000000006384000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/3424-9-0x000000000ADA0000-0x000000000AE3C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/3424-3-0x0000000005910000-0x00000000059A2000-memory.dmp

      Filesize

      584KB

      Download

    • memory/3432-20-0x000000000CB00000-0x000000000D1DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3432-28-0x000000000CB00000-0x000000000D1DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/3432-30-0x0000000002F80000-0x000000000309F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3432-31-0x0000000002F80000-0x000000000309F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3432-38-0x0000000002F80000-0x000000000309F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4880-22-0x0000000000B60000-0x0000000000B9B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/4880-21-0x0000000000B60000-0x0000000000B9B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/4880-25-0x00000000030A0000-0x00000000033EA000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4880-26-0x0000000000B60000-0x0000000000B9B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/4880-27-0x0000000002F50000-0x0000000002FF0000-memory.dmp

      Filesize

      640KB

      Download

    • memory/4880-29-0x0000000000B60000-0x0000000000B9B000-memory.dmp

      Filesize

      236KB

      Download