Overview

overview

7

Static

static

1

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2024 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    421KB

  • MD5

    10a331a12ca40f3293dfadfcecb8d071

  • SHA1

    ada41586d1366cf76c9a652a219a0e0562cc41af

  • SHA256

    b58eec6e5aabc701404d5b5556c86fff5cc103c69eeda00061e838c4f122288f

  • SHA512

    1a5b8e77ddbab97bb4c848adbcd7dbfb9ca84307d1844dba9572fcea48a2cbb091a3fc52663b87568416adf18a1338adc07aab0bd5f1ab36a03c8ff8a035d399

  • SSDEEP

    12288:jh1Fk70TnvjcL8o0S86aZ+ldnqA1W0PeF7H:5k70TrcJX32ih1Re7H

Score
7/10

Malware Config

Signatures

  • .NET Reactor proctector 3 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2836
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:3400

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2836-12-0x0000000074A50000-0x0000000075200000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2836-13-0x0000000002690000-0x0000000004690000-memory.dmp

      Filesize

      32.0MB

      Download

    • memory/2836-2-0x0000000004C00000-0x0000000004C10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2836-1-0x0000000074A50000-0x0000000075200000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2836-6-0x0000000004B30000-0x0000000004B82000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2836-5-0x0000000004C10000-0x00000000051B4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2836-0-0x00000000024E0000-0x0000000002534000-memory.dmp

      Filesize

      336KB

      Download

    • memory/2836-21-0x0000000002690000-0x0000000004690000-memory.dmp

      Filesize

      32.0MB

      Download

    • memory/2836-4-0x0000000004C00000-0x0000000004C10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2836-3-0x0000000004C00000-0x0000000004C10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3400-22-0x0000000074A50000-0x0000000075200000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3400-17-0x0000000074A50000-0x0000000075200000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3400-15-0x00000000050D0000-0x00000000050E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3400-14-0x0000000005700000-0x0000000005D18000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/3400-18-0x00000000050E0000-0x00000000051EA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/3400-19-0x0000000004FF0000-0x000000000502C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/3400-20-0x0000000005030000-0x000000000507C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3400-9-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/3400-16-0x0000000004F90000-0x0000000004FA2000-memory.dmp

      Filesize

      72KB

      Download