Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/06/2024, 01:14

General

  • Target

    445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe

  • Size

    1.2MB

  • MD5

    1dc0ef58fcd118eda3e4e6db7f790655

  • SHA1

    eeaf577a39f32004a26863b48a551e3150e1e9c6

  • SHA256

    445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0

  • SHA512

    847d484b47f9b6e603cded70bb2b921030aefb9c78673d9ef3f0106b7179cc4c468ba9cd2202f2985c8339168ea18e468ccac5c88d8f0e03cd765b850eb6576d

  • SSDEEP

    24576:VqDEvCTbMWu7rQYlBQcBiT6rprG8a3CswWnPk71SNhDB/lJ6XRvfp:VTvC/MTQYxsWR7a3nwWn8BSjwf

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe
      "C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:416
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\445c00e14a4a3eaf7e11d2858d4c963d8ce5c31ccbdff0fb275436357d6ce5c0.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1924
    • C:\Windows\SysWOW64\write.exe
      "C:\Windows\SysWOW64\write.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:3620

Network

        MITRE ATT&CK Matrix

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\aut4BBE.tmp

          Filesize

          264KB

          MD5

          db6785e9322897354fe19bf85d0ac3d4

          SHA1

          40a149185c562422409a323009dde774174be772

          SHA256

          4cd0ce24b2b2e0bca5066c5469ecba0a84dbebc4f49f27f15abba3e8e49d3cfb

          SHA512

          e6e803398d25093b291f29908c6588a8f096a2e12645489ac52d2d1a52d56d482ef9d3952b80fe4b8d19472d774bc240b5e9a3c18b500ef8613a1b5d1e506077

        • memory/416-12-0x0000000001F90000-0x0000000001F94000-memory.dmp

          Filesize

          16KB

        • memory/1924-17-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

        • memory/1924-14-0x0000000000E00000-0x000000000114A000-memory.dmp

          Filesize

          3.3MB

        • memory/1924-15-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

        • memory/1924-16-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

        • memory/1924-18-0x0000000002960000-0x0000000002984000-memory.dmp

          Filesize

          144KB

        • memory/1924-13-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

        • memory/1924-23-0x0000000002960000-0x0000000002984000-memory.dmp

          Filesize

          144KB

        • memory/1924-22-0x0000000000400000-0x0000000000442000-memory.dmp

          Filesize

          264KB

        • memory/3400-27-0x000000000E220000-0x000000000F9B1000-memory.dmp

          Filesize

          23.6MB

        • memory/3400-19-0x000000000E220000-0x000000000F9B1000-memory.dmp

          Filesize

          23.6MB

        • memory/3400-31-0x0000000002F60000-0x0000000003058000-memory.dmp

          Filesize

          992KB

        • memory/3400-30-0x0000000002F60000-0x0000000003058000-memory.dmp

          Filesize

          992KB

        • memory/3620-21-0x0000000000530000-0x000000000056F000-memory.dmp

          Filesize

          252KB

        • memory/3620-26-0x0000000002530000-0x00000000025D3000-memory.dmp

          Filesize

          652KB

        • memory/3620-25-0x0000000000530000-0x000000000056F000-memory.dmp

          Filesize

          252KB

        • memory/3620-28-0x0000000000530000-0x000000000056F000-memory.dmp

          Filesize

          252KB

        • memory/3620-24-0x0000000002630000-0x000000000297A000-memory.dmp

          Filesize

          3.3MB

        • memory/3620-20-0x0000000000530000-0x000000000056F000-memory.dmp

          Filesize

          252KB