Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/06/2024, 01:14

General

  • Target

    445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe

  • Size

    1.2MB

  • MD5

    1dc0ef58fcd118eda3e4e6db7f790655

  • SHA1

    eeaf577a39f32004a26863b48a551e3150e1e9c6

  • SHA256

    445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0

  • SHA512

    847d484b47f9b6e603cded70bb2b921030aefb9c78673d9ef3f0106b7179cc4c468ba9cd2202f2985c8339168ea18e468ccac5c88d8f0e03cd765b850eb6576d

  • SSDEEP

    24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8a3CswWnPk71SNhDB/lJ6XRvfp:VTvC/MTQYxsWR7a3nwWn8BSjwf

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1268
    • C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe
      "C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2128
    • C:\Windows\SysWOW64\write.exe
      "C:\Windows\SysWOW64\write.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:2968

Network

        MITRE ATT&CK Matrix


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\scroll
          Filesize: 264KB
          MD5: db6785e9322897354fe19bf85d0ac3d4
          SHA1: 40a149185c562422409a323009dde774174be772
          SHA256: 4cd0ce24b2b2e0bca5066c5469ecba0a84dbebc4f49f27f15abba3e8e49d3cfb
          SHA512: e6e803398d25093b291f29908c6588a8f096a2e12645489ac52d2d1a52d56d482ef9d3952b80fe4b8d19472d774bc240b5e9a3c18b500ef8613a1b5d1e506077

        • memory/1268-26-0x0000000008D20000-0x0000000009635000-memory.dmp (Filesize: 9.1MB)
        • memory/1268-18-0x0000000008D20000-0x0000000009635000-memory.dmp (Filesize: 9.1MB)
        • memory/2100-11-0x0000000000150000-0x0000000000154000-memory.dmp (Filesize: 16KB)
        • memory/2128-14-0x0000000000AC0000-0x0000000000DC3000-memory.dmp (Filesize: 3.0MB)
        • memory/2128-21-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize: 264KB)
        • memory/2128-16-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize: 264KB)
        • memory/2128-17-0x00000000001E0000-0x0000000000204000-memory.dmp (Filesize: 144KB)
        • memory/2128-13-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize: 264KB)
        • memory/2128-12-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize: 264KB)
        • memory/2128-22-0x00000000001E0000-0x0000000000204000-memory.dmp (Filesize: 144KB)
        • memory/2128-15-0x0000000000400000-0x0000000000442000-memory.dmp (Filesize: 264KB)
        • memory/2968-20-0x00000000000C0000-0x00000000000FF000-memory.dmp (Filesize: 252KB)
        • memory/2968-23-0x0000000002070000-0x0000000002373000-memory.dmp (Filesize: 3.0MB)
        • memory/2968-24-0x00000000000C0000-0x00000000000FF000-memory.dmp (Filesize: 252KB)
        • memory/2968-25-0x00000000007F0000-0x0000000000893000-memory.dmp (Filesize: 652KB)
        • memory/2968-19-0x00000000000C0000-0x00000000000FF000-memory.dmp (Filesize: 252KB)
        • memory/2968-27-0x00000000000C0000-0x00000000000FF000-memory.dmp (Filesize: 252KB)
        • memory/2968-28-0x00000000007F0000-0x0000000000893000-memory.dmp (Filesize: 652KB)