00725a01934a451cc96025ebb7110c2f3b32bbf3e5e14e9038b8d0d61fed4d90

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bank Details-Confirmation.exe
Size

826KB
MD5

8c8a7d96add40033d1fe86c47a4bdc96
SHA1

d5bcaaed0c7ac5acab2d82b863c20e23fb5b9b85
SHA256

49cbb84d280d8235901292f594525b5ed2a5ccd3f708bb0483548f67c35cd4e8
SHA512

4701680298199a6d133534594d4cac2a9c7072f7b6335894a95f30fcbb93e7b1d4c09bca22ce6451169074e85ed7b3d49be5a6dda9e62e696c2a08c3349666a8
SSDEEP

12288:flGi6JNf+wcTXxIj3Kt5LP4vhnDcvgYEh66pr7IBINsTUty47U9zgV22oh1Il6:UhJ6tIjKj2IRA6Q/IK+UA

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2324 set thread context of 3948	2324	Bank Details-Confirmation.exe	81

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe
3948	RegSvcs.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81
PID 2324 wrote to memory of 3948	2324	Bank Details-Confirmation.exe	81

C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.exe
"C:\Users\Admin\AppData\Local\Temp\Bank Details-Confirmation.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-8-0x0000000005610000-0x000000000561C000-memory.dmp

Filesize
48KB

Download
memory/2324-4-0x0000000005050000-0x000000000505A000-memory.dmp

Filesize
40KB

Download
memory/2324-0-0x000000007464E000-0x000000007464F000-memory.dmp

Filesize
4KB

Download
memory/2324-3-0x0000000005070000-0x0000000005102000-memory.dmp

Filesize
584KB

Download
memory/2324-9-0x000000000D390000-0x000000000D41A000-memory.dmp

Filesize
552KB

Download
memory/2324-5-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/2324-6-0x00000000055D0000-0x00000000055EA000-memory.dmp

Filesize
104KB

Download
memory/2324-10-0x0000000010BB0000-0x0000000010C4C000-memory.dmp

Filesize
624KB

Download
memory/2324-2-0x0000000005620000-0x0000000005BC4000-memory.dmp

Filesize
5.6MB

Download
memory/2324-1-0x0000000000580000-0x0000000000654000-memory.dmp

Filesize
848KB

Download
memory/2324-7-0x0000000005600000-0x0000000005608000-memory.dmp

Filesize
32KB

Download
memory/2324-14-0x0000000074640000-0x0000000074DF0000-memory.dmp

Filesize
7.7MB

Download
memory/3948-13-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3948-11-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3948-15-0x0000000001870000-0x0000000001BBA000-memory.dmp

Filesize
3.3MB

Download
memory/3948-16-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/3948-17-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download