Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 14/01/2024, 07:44
Static task: static1
Behavioral task: behavioral1
Sample: 6a8a4bbb19d86c40938a18771c9ff4c1.exe
Resource: win7-20231215-en
General
Target: 6a8a4bbb19d86c40938a18771c9ff4c1.exe
Size: 3.9MB
MD5: 6a8a4bbb19d86c40938a18771c9ff4c1
SHA1: 9416b64c873fafd2835cabeae9a322ee6671de10
SHA256: bf7942c4a7de7c08083c2bb5961fe1b3fd7f5ab22f8bec2b0494d294aa4db32c
SHA512: 0523dfb127be53033b593ae1a410d6f08d4f8fee30b07f930244619a2cf21b5e0cf50c5ba5ea6060918bba3fd9029e0940b29ba90fab5886d91f5ef915450a28
SSDEEP: 49152:v3Pgz0GsP/7CYR3UTBb0xLCrSnBS4Guvx99yeUgncOVS/Ay06hPXql022:fPu0FP2jBbsnM4rvlyeUgcISB00S
Malware Config
Signatures
Loads dropped DLL (1 IoC)
pid: 2236; Process: 6a8a4bbb19d86c40938a18771c9ff4c1.exe
Suspicious use of SetThreadContext (1 IoC)
description: PID 2236 set thread context of 2976; pid: 2236; Process: 6a8a4bbb19d86c40938a18771c9ff4c1.exe; procid_target: 28
Suspicious use of WriteProcessMemory (13 IoCs)
description: PID 2236 wrote to memory of 2976; pid: 2236; Process: 6a8a4bbb19d86c40938a18771c9ff4c1.exe; procid_target: 28 (this identical record appears 13 times in the report, one per IoC)
Processes
1. C:\Users\Admin\AppData\Local\Temp\6a8a4bbb19d86c40938a18771c9ff4c1.exe (command line: "C:\Users\Admin\AppData\Local\Temp\6a8a4bbb19d86c40938a18771c9ff4c1.exe"; PID: 2236)
   - Loads dropped DLL
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe (command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; PID: 2976), child of process 1
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 184KB
MD5: 127bd3c1c1ffd2ea2ab920d5cbe6d838
SHA1: 3df6c7111891083600a6d1ad147e5d0beffdc7ca
SHA256: 6f97cfae7b3359a3438a1e59726e25a1e026f4828cfb574f4eb3bb032730d9f4
SHA512: d4a7c210c4d2e5a538c2ed5c69356ad3c45ab8c58e0ae5c591ecce802b568fea1512eb839267e412d46857b036cc834c5a01e3fb7dc762976acbf47f91570cc2