Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 14/01/2024, 07:46
Static task: static1
Behavioral task: behavioral1
Sample: 6a8a4bbb19d86c40938a18771c9ff4c1.exe
Resource: win7-20231215-en
General
Target: 6a8a4bbb19d86c40938a18771c9ff4c1.exe
Size: 3.9MB
MD5: 6a8a4bbb19d86c40938a18771c9ff4c1
SHA1: 9416b64c873fafd2835cabeae9a322ee6671de10
SHA256: bf7942c4a7de7c08083c2bb5961fe1b3fd7f5ab22f8bec2b0494d294aa4db32c
SHA512: 0523dfb127be53033b593ae1a410d6f08d4f8fee30b07f930244619a2cf21b5e0cf50c5ba5ea6060918bba3fd9029e0940b29ba90fab5886d91f5ef915450a28
SSDEEP: 49152:v3Pgz0GsP/7CYR3UTBb0xLCrSnBS4Guvx99yeUgncOVS/Ay06hPXql022:fPu0FP2jBbsnM4rvlyeUgcISB00S
Malware Config
Signatures
Loads dropped DLL (1 IoC)
  pid 2164  Process 6a8a4bbb19d86c40938a18771c9ff4c1.exe

Suspicious use of SetThreadContext (1 IoC)
  description: PID 2164 set thread context of 2720
  pid 2164  Process 6a8a4bbb19d86c40938a18771c9ff4c1.exe  procid_target 30

Suspicious use of WriteProcessMemory (13 IoCs)
  description: PID 2164 wrote to memory of 2720
  pid 2164  Process 6a8a4bbb19d86c40938a18771c9ff4c1.exe  procid_target 30
  (the same entry is recorded 13 times)
Processes
1. C:\Users\Admin\AppData\Local\Temp\6a8a4bbb19d86c40938a18771c9ff4c1.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\6a8a4bbb19d86c40938a18771c9ff4c1.exe"
   PID: 2164
   - Loads dropped DLL
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory
2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe (child of process 1)
   Command line: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
   PID: 2720
Downloads
Filesize: 742KB
MD5: 544cd51a596619b78e9b54b70088307d
SHA1: 4769ddd2dbc1dc44b758964ed0bd231b85880b65
SHA256: dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
SHA512: f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719