ceca2f4672a64e75a8185c85fc24cdb136418d1f656bfba3516210940e77cce5 | Triage

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 07:29

Sharing

Report Analysis Logs

General

Target

9b1dbf891547ec242116803fdc083ffa.exe
Size

584KB
MD5

9b1dbf891547ec242116803fdc083ffa
SHA1

1824bf016a87784af5bb465cc7ef39adcb597773
SHA256

ceca2f4672a64e75a8185c85fc24cdb136418d1f656bfba3516210940e77cce5
SHA512

e38b32cd1de3bf9431f76097888bebdd9805ec4d939fcd18980b3483a90df0f8d85253498f17a956eb3f25401146888fcd8773dca05d90313e6a20f791cece09
SSDEEP

12288:8RSBGNLsU16SAU9AoakzoZUYUdoztoIpd4m:OSBKJ16XocZ7UaztoO4m

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2204 set thread context of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2204	9b1dbf891547ec242116803fdc083ffa.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28
PID 2204 wrote to memory of 2060	2204	9b1dbf891547ec242116803fdc083ffa.exe	28

C:\Users\Admin\AppData\Local\Temp\9b1dbf891547ec242116803fdc083ffa.exe
"C:\Users\Admin\AppData\Local\Temp\9b1dbf891547ec242116803fdc083ffa.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\9b1dbf891547ec242116803fdc083ffa.exe
  C:\Users\Admin\AppData\Local\Temp\9b1dbf891547ec242116803fdc083ffa.exe
  2⤵
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2060-2-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/2060-5-0x0000000000400000-0x00000000004726D0-memory.dmp

Filesize
457KB

Download