Overview

overview

10

Static

static

10

High Prior...õ.exe

windows10-2004-x64

10

High Prior...10.exe

windows10-2004-x64

10

High Priority/31.exe

windows10-2004-x64

10

High Prior...18.exe

windows10-2004-x64

7

High Prior...-2.exe

windows10-2004-x64

10

High Prior...le.exe

windows10-2004-x64

3

High Prior...er.exe

windows10-2004-x64

8

High Prior...nt.exe

windows10-2004-x64

10

High Prior...01.exe

windows10-2004-x64

10

High Prior...le.exe

windows10-2004-x64

7

High Prior...od.exe

windows10-2004-x64

10

High Prior...p5.exe

windows10-2004-x64

10

cobaltstri...de.exe

windows10-2004-x64

10

default.exe

windows10-2004-x64

10

file.exe

windows10-2004-x64

5

mouse_2.exe

windows10-2004-x64

10

oof.exe

windows10-2004-x64

1

Resubmissions

10-05-2024 17:13

240510-vrrk4sgd7t 10

10-05-2024 17:09

240510-vphv7abd29 10

Analysis

  • max time kernel
    141s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-05-2024 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    2.7MB

  • MD5

    731ff38afbc5a664f5a458e222d91f84

  • SHA1

    5105f89898a3d9e5b5b52ddcd7d0a3b167aaf701

  • SHA256

    a0e3a64e0e6aee3370ccbbca59f8ae0b34be674963c1dabe14926b24fdcae7d0

  • SHA512

    910b1c9fb8e28c3f24d35a875ff86f3ab2e2c573797e078ece204538a3bdc6d42bc92531197e57be577ffb2e4cacdd53fec6a61843e6c69be4794e68506f68c3

  • SSDEEP

    24576:3RoBHi3buy4toE1jC6Ayo2xhWLbSPlqRvc68XzRVGvxB5VA0UC1dUUKj/OZ8j3g3:BoKmo4jC6TovDRUC1doj/Tg3

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4592
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe"
      2⤵
        PID:4004

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4004-1-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4592-0-0x00007FF6D1AE0000-0x00007FF6D1E29000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4592-2-0x00007FF6D1AE0000-0x00007FF6D1E29000-memory.dmp

      Filesize

      3.3MB

      Download