Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20231129-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    02/06/2024, 01:03

General

  • Target

    e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df.exe

  • Size

    382KB

  • MD5

    7bf3f35a8866493e4a3b7d137786bd92

  • SHA1

    e7dd54916fda819471f3980b1231a1e8163c7bb3

  • SHA256

    e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df

  • SHA512

    dfeeccdf15d993e9f9893c284605a1a53189567672a311cfd6fc7deccc0d2bc3268d32c291aed410cc69dee1125c02d20b57434c6f97f1dc6d9d2ea4dec3c9b4

  • SSDEEP

    6144:fbB/dlIBNq4Y6ePJAyL1EEUb8gGmWabdO618PAwSR/DhVfCup0:fbVdUw4Y6eP/pEEs8gGwbe4wSUuC

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df.exe
    "C:\Users\Admin\AppData\Local\Temp\e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Users\Admin\AppData\Local\Temp\e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df.exe
      "C:\Users\Admin\AppData\Local\Temp\e0ebe4bfeae914aeb7925a16f734409c6295fc20229839208702c5ef635c28df.exe"
      2⤵
        PID:2148

Network

MITRE ATT&CK Matrix


Downloads

  • memory/2148-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
    Filesize: 4KB
  • memory/2148-2-0x0000000000340000-0x0000000000440000-memory.dmp
    Filesize: 1024KB
  • memory/2924-0-0x0000000074B4E000-0x0000000074B4F000-memory.dmp
    Filesize: 4KB
  • memory/2924-1-0x00000000011F0000-0x0000000001256000-memory.dmp
    Filesize: 408KB
  • memory/2924-6-0x0000000074B40000-0x000000007522E000-memory.dmp
    Filesize: 6.9MB