Overview

overview

5

Static

static

3

6868d2ec42...f0.exe

windows7-x64

5

6868d2ec42...f0.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    92s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2024, 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6868d2ec42965ca7d4ec25b0ee1bf9f0.exe

  • Size

    64KB

  • MD5

    6868d2ec42965ca7d4ec25b0ee1bf9f0

  • SHA1

    7f74093dfdbd06e2322397dbb8dd75b7d3fa7988

  • SHA256

    813c2968e83664c1a23972167091f0a29420d9e310c157ebb1c0a2c49b459d55

  • SHA512

    2e6b0e101ec9ac0b145052ff416f75b1a435a5dd80bbc2c0856ebff77f8b970341cd3eecf283a9a992994a13555d438b46efaaced4df60fd3e48a87fef57b89f

  • SSDEEP

    1536:3JtJVDWLRM6Yb15xTJw7ez7dtXWekk/iYFX:5tJVDWLRM6YbRTJz/b3kQFX

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3524
      • C:\Users\Admin\AppData\Local\Temp\6868d2ec42965ca7d4ec25b0ee1bf9f0.exe
        "C:\Users\Admin\AppData\Local\Temp\6868d2ec42965ca7d4ec25b0ee1bf9f0.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1520
        • C:\Users\Admin\AppData\Local\Temp\6868d2ec42965ca7d4ec25b0ee1bf9f0.exe
          C:\Users\Admin\AppData\Local\Temp\6868d2ec42965ca7d4ec25b0ee1bf9f0.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3524-9-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3524-11-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/4212-3-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4212-2-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4212-6-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4212-7-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/4212-8-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/4212-17-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download