0e0e02546f73e4914cd735dea83a94435e567a26d64c11b8a7fc6f0ef6fc4103

Analysis

max time kernel
91s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

4.5MB
MD5

059660095ba38842e176cf29d8adc954
SHA1

a330e477566fed2f46b19199853762fea089cec6
SHA256

0e0e02546f73e4914cd735dea83a94435e567a26d64c11b8a7fc6f0ef6fc4103
SHA512

26f21b1ebdb44e4b85a30a9b1ee86cf6b014563270f2a3b150aa997f27734835202fd1551c84683d3866e56dac81ccf9de189b96209cc7655320d0bea8a86684
SSDEEP

49152:zolGmH4YG9aEZv9zPpYpuPKlMVNPi0jv0eST9r30lJLEJEO1Q35cL2HqCM+Bdzvj:zolfH4Y9EypdMVNa+u0AyO1Q3uYqjMz

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 1 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral2/memory/3628-1-0x0000000000C20000-0x00000000010A8000-memory.dmp	net_reactor

Loads dropped DLL 1 IoCs

pid	Process
3628	file.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3628 set thread context of 2280	3628	file.exe	93

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93
PID 3628 wrote to memory of 2280	3628	file.exe	93

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3628
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

Filesize
453KB

MD5
eac3b0bdd54bc51e91f028637865bb43

SHA1
cc553d0795263753fb2503e2514a21447a10c9a4

SHA256
608ee5db2ed976f2427ffea641f32b0da50b12ff1c132c9e028d4248739d5a88

SHA512
02808a24a0c7a8cf4dab08ba1c4c456e65bdbde694c721a573fb6ab3d4a772f00f22d30fea3ea018dc4aa71230e36c404c56085e88c87189c5f48aef9f622d87

Download Submit
memory/2280-23-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2280-30-0x0000000002D20000-0x0000000002D52000-memory.dmp

Filesize
200KB

Download
memory/2280-32-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2280-27-0x0000000002EA0000-0x0000000002EE0000-memory.dmp

Filesize
256KB

Download
memory/2280-28-0x0000000002D10000-0x0000000002D20000-memory.dmp

Filesize
64KB

Download
memory/2280-31-0x0000000002D20000-0x0000000002D52000-memory.dmp

Filesize
200KB

Download
memory/2280-29-0x0000000002D20000-0x0000000002D52000-memory.dmp

Filesize
200KB

Download
memory/2280-20-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/2280-25-0x0000000000400000-0x000000000048A000-memory.dmp

Filesize
552KB

Download
memory/3628-15-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-19-0x00000000063E0000-0x00000000064E0000-memory.dmp

Filesize
1024KB

Download
memory/3628-16-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-2-0x0000000005A50000-0x0000000005AEC000-memory.dmp

Filesize
624KB

Download
memory/3628-12-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-14-0x0000000005E60000-0x0000000005E70000-memory.dmp

Filesize
64KB

Download
memory/3628-18-0x00000000063E0000-0x00000000064E0000-memory.dmp

Filesize
1024KB

Download
memory/3628-17-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-0-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download
memory/3628-11-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-26-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download
memory/3628-13-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-1-0x0000000000C20000-0x00000000010A8000-memory.dmp

Filesize
4.5MB

Download
memory/3628-21-0x00000000063E0000-0x00000000064E0000-memory.dmp

Filesize
1024KB

Download
memory/3628-5-0x0000000005FA0000-0x0000000006132000-memory.dmp

Filesize
1.6MB

Download
memory/3628-4-0x0000000005E90000-0x0000000005EA0000-memory.dmp

Filesize
64KB

Download
memory/3628-3-0x0000000074910000-0x00000000750C0000-memory.dmp

Filesize
7.7MB

Download