Analysis Overview
SHA256
a13c344beb47d152bf3942cc73542341b06404a7dfb4192a3f3e37df34477fb9
Threat Level: Likely benign
The file 1332dc3f693c906ccbce8cdd73dfd0c7.bin was found to be: Likely benign.
Malicious Activity Summary
Suspicious use of SetThreadContext
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-13 01:14
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
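The static pass reports the sample as an unsigned PE. The following is an added example, not the sandbox's own check (which is not shown on this page): it reads the Certificate Table entry of the optional header, the slot where an embedded Authenticode signature lives, and reports whether it is populated. The `build_minimal_pe32` fixture is constructed for illustration and is not a loadable executable. Two caveats a practitioner should keep in mind: a non-empty table only means a signature blob is present, not that it verifies, and catalog-signed files carry no embedded blob at all, so they also come back as "unsigned" here.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Certificate Table slot in the optional header


def has_embedded_signature(data: bytes) -> bool:
    """True if the PE's Certificate Table data directory is non-empty.

    Only detects an embedded Authenticode blob. It says nothing about whether
    that blob verifies, and catalog-signed files will still return False."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    opt = e_lfanew + 4 + 20                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                           # PE32
        count_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:                         # PE32+
        count_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:X}")
    if struct.unpack_from("<I", data, count_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False                             # directory table too short to hold entry 4
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    offset, size = struct.unpack_from("<II", data, entry)
    # Unlike the other directories this entry holds a raw file offset, not an
    # RVA, so it can be bounds-checked against the file size directly.
    return offset != 0 and size != 0 and offset + size <= len(data)


def build_minimal_pe32(cert_offset: int = 0, cert_size: int = 0) -> bytes:
    """Constructed fixture: just enough PE32 header for the checker to walk.
    Not loadable; zero padding stands in for a WIN_CERTIFICATE blob."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                           # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, 224-byte opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_offset, cert_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(512)  # headers end at offset 312


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe32()
    print("embedded signature present" if has_embedded_signature(blob) else "unsigned PE")
```

Run it against a real file by passing the path as the first argument; without arguments it walks the constructed fixture.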
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 01:14
Reported
2024-06-13 01:17
Platform
win7-20240508-en
Max time kernel
121s
Max time network
128s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2344 set thread context of 2884 | N/A | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | "C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe" |
| C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | "{path}" |
Network
Files
memory/2344-0-0x000000007476E000-0x000000007476F000-memory.dmp
memory/2344-1-0x00000000009F0000-0x0000000000AC4000-memory.dmp
memory/2344-2-0x00000000003D0000-0x00000000003DC000-memory.dmp
memory/2344-3-0x000000007476E000-0x000000007476F000-memory.dmp
memory/2344-4-0x0000000074760000-0x0000000074E4E000-memory.dmp
memory/2344-5-0x0000000004B60000-0x0000000004BEC000-memory.dmp
memory/2344-6-0x00000000009A0000-0x00000000009D4000-memory.dmp
memory/2884-7-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2884-9-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2884-13-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2884-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp
memory/2884-14-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2344-15-0x0000000074760000-0x0000000074E4E000-memory.dmp
memory/2884-16-0x0000000000AD0000-0x0000000000DD3000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 01:14
Reported
2024-06-13 01:17
Platform
win10v2004-20240508-en
Max time kernel
51s
Max time network
53s
Command Line
Signatures
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5112 set thread context of 2424 | N/A | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
| Process | Command Line |
| C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | "C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe" |
| C:\Users\Admin\AppData\Local\Temp\ab512dde369fc42eb0886e1aeb9ff167d8ab555d05ae1e7039e0060be39d916f.exe | "{path}" |
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/5112-0-0x00000000751EE000-0x00000000751EF000-memory.dmp
memory/5112-1-0x0000000000CB0000-0x0000000000D84000-memory.dmp
memory/5112-2-0x00000000057B0000-0x000000000584C000-memory.dmp
memory/5112-3-0x0000000003090000-0x000000000309C000-memory.dmp
memory/5112-4-0x0000000005850000-0x00000000058E2000-memory.dmp
memory/5112-5-0x00000000751EE000-0x00000000751EF000-memory.dmp
memory/5112-6-0x00000000751E0000-0x0000000075990000-memory.dmp
memory/5112-7-0x0000000005DF0000-0x0000000005E7C000-memory.dmp
memory/5112-8-0x0000000008200000-0x0000000008234000-memory.dmp
memory/2424-9-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2424-11-0x0000000000400000-0x000000000042F000-memory.dmp
memory/2424-12-0x00000000015B0000-0x00000000018FA000-memory.dmp
memory/5112-13-0x00000000751E0000-0x0000000075990000-memory.dmp
memory/2424-14-0x00000000015B0000-0x00000000018FA000-memory.dmp
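In both behavioral runs the sample spawns a second copy of itself, sets that child's thread context, and the sandbox then dumps the same region of the child several times. The report lists those facts in three separate places (the SetThreadContext signature row, the process list, and the dump file names), so the added helper below joins them: it parses the signature description for the source and target PIDs, parses the dump names for PID, sequence number and address range, and lists, per injection edge, which regions of the target were dumped and how often. This is an added triage script, not part of the sandbox or its report format; the input lines are copied from the behavioral1 and behavioral2 sections above (behavioral2 trimmed to the target PID's dumps). The ordering heuristic in `target_regions` (open the most-often-dumped target region first) is this example's, not a verdict, and the page's own classification stays as reported.

```python
import re
from collections import Counter, defaultdict

# Copied from the behavioral1 section of the report above.
BEHAVIORAL1_SIGS = ["PID 2344 set thread context of 2884"]
BEHAVIORAL1_DUMPS = [
    "memory/2344-0-0x000000007476E000-0x000000007476F000-memory.dmp",
    "memory/2344-1-0x00000000009F0000-0x0000000000AC4000-memory.dmp",
    "memory/2344-2-0x00000000003D0000-0x00000000003DC000-memory.dmp",
    "memory/2344-3-0x000000007476E000-0x000000007476F000-memory.dmp",
    "memory/2344-4-0x0000000074760000-0x0000000074E4E000-memory.dmp",
    "memory/2344-5-0x0000000004B60000-0x0000000004BEC000-memory.dmp",
    "memory/2344-6-0x00000000009A0000-0x00000000009D4000-memory.dmp",
    "memory/2884-7-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2884-9-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2884-13-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2884-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp",
    "memory/2884-14-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2344-15-0x0000000074760000-0x0000000074E4E000-memory.dmp",
    "memory/2884-16-0x0000000000AD0000-0x0000000000DD3000-memory.dmp",
]
# Copied from behavioral2, trimmed to the target PID plus one parent dump.
BEHAVIORAL2_SIGS = ["PID 5112 set thread context of 2424"]
BEHAVIORAL2_DUMPS = [
    "memory/5112-0-0x00000000751EE000-0x00000000751EF000-memory.dmp",
    "memory/2424-9-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2424-11-0x0000000000400000-0x000000000042F000-memory.dmp",
    "memory/2424-12-0x00000000015B0000-0x00000000018FA000-memory.dmp",
    "memory/2424-14-0x00000000015B0000-0x00000000018FA000-memory.dmp",
]

SET_CTX = re.compile(r"PID (\d+) set thread context of (\d+)")
DUMP = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_injection_edges(descriptions):
    """(source_pid, target_pid) pairs from 'Suspicious use of SetThreadContext' rows.
    Rows that carry no PID text (e.g. 'N/A') contribute nothing."""
    return [(int(s), int(t)) for d in descriptions for s, t in SET_CTX.findall(d)]


def parse_dumps(names):
    """{pid: [(sequence, start, end), ...]} from the sandbox's dump file names,
    sorted by the sequence number so the dump order is preserved."""
    by_pid = defaultdict(list)
    for n in names:
        m = DUMP.search(n)
        if m:
            by_pid[int(m[1])].append((int(m[2]), int(m[3], 16), int(m[4], 16)))
    return {pid: sorted(v) for pid, v in by_pid.items()}


def target_regions(descriptions, names):
    """For every SetThreadContext edge, the regions the sandbox dumped in the
    target process and how many times each was dumped, ordered by address.
    A target region dumped repeatedly after the parent set its thread context
    is the one to open first; that is a triage heuristic, not a verdict."""
    dumps = parse_dumps(names)
    rows = []
    for src, dst in parse_injection_edges(descriptions):
        counts = Counter((s, e) for _, s, e in dumps.get(dst, []))
        for (s, e), n in sorted(counts.items()):
            rows.append({"source": src, "target": dst, "start": s, "end": e, "dumps": n})
    return rows


if __name__ == "__main__":
    for label, sigs, names in (("behavioral1", BEHAVIORAL1_SIGS, BEHAVIORAL1_DUMPS),
                               ("behavioral2", BEHAVIORAL2_SIGS, BEHAVIORAL2_DUMPS)):
        for r in target_regions(sigs, names):
            print(f"{label}: {r['source']} -> {r['target']} "
                  f"0x{r['start']:08X}-0x{r['end']:08X} dumped {r['dumps']}x")
```

On the behavioral1 data this reports that PID 2884's 0x400000-0x42F000 region was dumped four times after PID 2344 set its thread context, while the other two regions were dumped once each; behavioral2 shows the same shape with PIDs 5112 and 2424. Pointing the same functions at a different report only requires swapping the two copied lists.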