Overview

overview

5

Static

static

3

ccc6bc3a5f...7c.exe

windows7-x64

5

ccc6bc3a5f...7c.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-03-2024 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ccc6bc3a5fa126f8f54368124e3a917c.exe

  • Size

    210KB

  • MD5

    ccc6bc3a5fa126f8f54368124e3a917c

  • SHA1

    d3c57b06455002c4c3872fbe6b9122ff92bc303d

  • SHA256

    60dacf28851096c95dac3b596256e54a30ef580edd368daf53a9015f0804f2c4

  • SHA512

    591d5f75abd07d11af30dafed2ecd6532a5c164fc9d4ff7eac3ff39df6e9d67111e4346dabfb0c571956873dc8d0280173501ab51528c166960bc2bb72133ffb

  • SSDEEP

    6144:LSVm8lhcW+R2ZJWHhV9upr41ocGHAXCo6UKdc:LI+UJaDsrJgXCoSdc

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3464
      • C:\Users\Admin\AppData\Local\Temp\ccc6bc3a5fa126f8f54368124e3a917c.exe
        "C:\Users\Admin\AppData\Local\Temp\ccc6bc3a5fa126f8f54368124e3a917c.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4276
        • C:\Users\Admin\AppData\Local\Temp\ccc6bc3a5fa126f8f54368124e3a917c.exe
          C:\Users\Admin\AppData\Local\Temp\ccc6bc3a5fa126f8f54368124e3a917c.exe
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:2920

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2920-0-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2920-3-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2920-4-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2920-12-0x0000000010000000-0x0000000010011000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2920-14-0x0000000000400000-0x0000000000409000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3464-6-0x000000007FFF0000-0x000000007FFF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3464-8-0x000000007FFC0000-0x000000007FFC6000-memory.dmp

      Filesize

      24KB

      Download