a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f

Analysis

max time kernel
148s
max time network
163s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
Size

367KB
MD5

85269f246bebba3bf13422a34e35c9c6
SHA1

5d89b548a6e3dd62165595acdff29448cdcc81ff
SHA256

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f
SHA512

a27135bab2f7fad9580e315e22ace272bfa8c01314759b783bdc52b263ba2a9fe01a6afa1f0366cfc7efdb80ca25dab18bf9f454719248d8e37fe9a3aefdb0df
SSDEEP

6144:SFD9pQcEWCcQJgC4ij/hSTrRS1g58hu+Md0bX7B:6MWCcGgC4ijwTM1g54tMd0bV

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

description	pid	process	target process
PID 3232 set thread context of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

description	pid	process	target process
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
PID 3232 wrote to memory of 892	3232	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe	a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe

C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
"C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe
  "C:\Users\Admin\AppData\Local\Temp\a379b669baeeeba6d46382692f8b538f1d2d5d808592d92817a8e2cdebc5363f.exe"
  2⤵
  PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/892-3-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/892-5-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/892-6-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/892-7-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3232-1-0x0000000002F80000-0x0000000003080000-memory.dmp

Filesize
1024KB

Download
memory/3232-2-0x0000000002F10000-0x0000000002F5E000-memory.dmp

Filesize
312KB

Download