8aed9cb28e0d964ce183de82cd1d58dc196e8cf1948690cc699a10ff1601cf01

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 11:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e237cb9d07b5b1cdb4632d58f6872f0.exe
Size

228KB
MD5

4e237cb9d07b5b1cdb4632d58f6872f0
SHA1

b68706b2cf6869be1bf2c9f4b9a5c5eedea1076f
SHA256

8aed9cb28e0d964ce183de82cd1d58dc196e8cf1948690cc699a10ff1601cf01
SHA512

6c04fde7e4581cc57ffa891d3b4a3ebc3cbefd187f99d01a80fad8835cf425e3ce2b27625e1f690338414c0bff336213aebf27ab5f1d1eca90b71522df5aba43
SSDEEP

6144:UQ/0K9vMUYmySsXpLl3f2qeeCNrL/UlfWCMxdGHg8BU2cc75Sq:UQ8bSsP+qtsrL/UlRMrOSq

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1872 set thread context of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe
2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 1872 wrote to memory of 2700	1872	4e237cb9d07b5b1cdb4632d58f6872f0.exe	28
PID 2700 wrote to memory of 1144	2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe	12
PID 2700 wrote to memory of 1144	2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe	12
PID 2700 wrote to memory of 1144	2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe	12
PID 2700 wrote to memory of 1144	2700	4e237cb9d07b5b1cdb4632d58f6872f0.exe	12

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1144
- C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
  "C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1872
- - C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
    C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-37-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1144-33-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1872-3-0x00000000002F0000-0x0000000000329000-memory.dmp

Filesize
228KB

Download
memory/1872-24-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1872-14-0x0000000077871000-0x0000000077872000-memory.dmp

Filesize
4KB

Download
memory/1872-5-0x0000000077870000-0x0000000077871000-memory.dmp

Filesize
4KB

Download
memory/1872-7-0x0000000001EB0000-0x0000000001EC0000-memory.dmp

Filesize
64KB

Download
memory/1872-6-0x000000007786F000-0x0000000077870000-memory.dmp

Filesize
4KB

Download
memory/1872-10-0x0000000076FE0000-0x00000000770F0000-memory.dmp

Filesize
1.1MB

Download
memory/1872-11-0x0000000001ED0000-0x0000000001EE0000-memory.dmp

Filesize
64KB

Download
memory/1872-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1872-4-0x0000000001ED0000-0x0000000001EE0000-memory.dmp

Filesize
64KB

Download
memory/1872-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1872-27-0x00000000002F0000-0x0000000000329000-memory.dmp

Filesize
228KB

Download
memory/1872-2-0x0000000000230000-0x0000000000234000-memory.dmp

Filesize
16KB

Download
memory/1872-28-0x00000000778A8000-0x00000000778A9000-memory.dmp

Filesize
4KB

Download
memory/1872-12-0x0000000001EE0000-0x0000000001EF0000-memory.dmp

Filesize
64KB

Download
memory/1872-30-0x0000000076FE0000-0x00000000770F0000-memory.dmp

Filesize
1.1MB

Download
memory/1872-13-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2700-29-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-21-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2700-19-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-26-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/2700-31-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-36-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2700-23-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2700-47-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download