Analysis

max time kernel: 142s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-02-2024 18:40
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: filename.exe
Resource: win7-20231215-en (windows7-x64)
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: filename.exe
Resource: win10v2004-20231215-en (windows10-2004-x64)
5 signatures
150 seconds
General

Target: filename.exe
Size: 1.4MB
MD5: 1db34920c3ae3eb8560695f89e92d930
SHA1: 531fea122037a7b503e0fcb42aa24382a9631ac8
SHA256: 569cf3de44279490ab8fe47d78ace6d5cbd6e6413be9d14316d31338eef12bdd
SHA512: b311b876c06e8d056a06991a8ebbcfd56c47a0b5d72e5f6ac94a20546f5c7bb857b143d22a09649e630d2474dfe8b7c9115b102443fe12910969f55178a74336
SSDEEP: 24576:y0/wpWGxRsnyM3LF+0mlBnjs60nEisX1N9rm1Jo/13JQyjLc22dEaY7Unbya87CJ://wn0x3LFfmHnIZE9rm1Ji3hLc22dEa3
Score: 5/10
Malware Config

(none)

Signatures

Suspicious use of SetThreadContext (1 IoC)
  description                            pid   Process       procid_target
  PID 3180 set thread context of 3404    3180  filename.exe  84

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  3180  filename.exe   (64 identical entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  3180  filename.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoC)
  pid   Process
  3180  filename.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                         pid   Process       procid_target
  PID 3180 wrote to memory of 3404    3180  filename.exe  84   (8 identical entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\filename.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\filename.exe"
   PID: 3180
   - Suspicious use of SetThreadContext
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious behavior: GetForegroundWindowSpam
   - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\ctfmon.exe (child of PID 3180)
      Command line: "C:\Windows\SysWOW64\ctfmon.exe -p 1234"
      PID: 3404