563616df4a48442e8d0982dd57934c77a104ff827ed097539b0770c7650dfdbd

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bec1320f297eb5a112dbd3cc9867354a.exe
Size

28KB
MD5

bec1320f297eb5a112dbd3cc9867354a
SHA1

051a174018e34373c624bd674743ef9c2495bc5c
SHA256

563616df4a48442e8d0982dd57934c77a104ff827ed097539b0770c7650dfdbd
SHA512

f1a1e9a3ae240b27bf102c329f82d0846c78f7fe3bbddc557036f407db4eb9602ba03572a1f2e98607a933c42f99f44ed3d1b25b3cfeb3d304ddbb075bdde86a
SSDEEP

384:PPwm41TvWzbvL5n9g4DAncxqlHeILufRqL:PPqTQJn9g4DAcxql+ICcL

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2900	bec1320f297eb5a112dbd3cc9867354a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2220 wrote to memory of 2900	2220	bec1320f297eb5a112dbd3cc9867354a.exe	28
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20
PID 2900 wrote to memory of 1116	2900	bec1320f297eb5a112dbd3cc9867354a.exe	20

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1116
- C:\Users\Admin\AppData\Local\Temp\bec1320f297eb5a112dbd3cc9867354a.exe
  "C:\Users\Admin\AppData\Local\Temp\bec1320f297eb5a112dbd3cc9867354a.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\bec1320f297eb5a112dbd3cc9867354a.exe
    "C:\Users\Admin\AppData\Local\Temp\bec1320f297eb5a112dbd3cc9867354a.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2220-12-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2900-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-5-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-7-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2900-11-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-14-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2900-15-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download