2f948b529500701e1cdd28c47653857ce7286115bb82badc435d05951557e0df

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96cfeb657752b5498ad4b47d142003a0.exe
Size

128KB
MD5

96cfeb657752b5498ad4b47d142003a0
SHA1

d343b7c9347271dbf03d68410004795e394f17c3
SHA256

2f948b529500701e1cdd28c47653857ce7286115bb82badc435d05951557e0df
SHA512

47b5a61a8124d41e50420a196b961f749314f7126f87b1b2acc2403400030702ee3fb6c83fdc2e19dd5051fb7ca41eef82f651659c7c2d374070d22deb16ad33
SSDEEP

3072:zjh/Bpt5y6wUSzgS7YiWCBq6Kpvu77GaXZtx:zjhHt5FZnS/WCQIPGah

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1380 set thread context of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1292 set thread context of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1380	96cfeb657752b5498ad4b47d142003a0.exe
1292	96cfeb657752b5498ad4b47d142003a0.exe
2196	96cfeb657752b5498ad4b47d142003a0.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1380 wrote to memory of 1292	1380	96cfeb657752b5498ad4b47d142003a0.exe	28
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29
PID 1292 wrote to memory of 2196	1292	96cfeb657752b5498ad4b47d142003a0.exe	29

C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe
"C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe
  "C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe
    C:\Users\Admin\AppData\Local\Temp\96cfeb657752b5498ad4b47d142003a0.exe C:\Users\Admin\AppData\Local\Temp\9#dueisnw1.txt
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ste.txt

Filesize
9B

MD5
d6e0d01fc906ca012cfc8f548235065e

SHA1
273745182fa83816421f3bc6c06fe3f76d78cd5a

SHA256
2a3234189880f976cc65a07c15acbd11bfa46eeac8e69030e1d87bd6a51a0a74

SHA512
1245034885171347d4c4fcfea877ce60ed0e6bbaf644e2d0d850a10c1e0e4d2ebddac69058c5fda85c2ca76f9454cb73de2109e70d94c5391c68400c8bc208ea

Download Submit
memory/1292-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-6-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1292-10-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-12-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1292-37-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2196-19-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2196-25-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2196-27-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2196-31-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2196-15-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2196-17-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads