Analysis

max time kernel: 41s
max time network: 47s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-07-2024 08:11
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 9cc0e7d568d15f8f23b06c68ad71be62.exe
Resource: win7-20240508-en
0 signatures
150 seconds

Behavioral task: behavioral2
Sample: 9cc0e7d568d15f8f23b06c68ad71be62.exe
Resource: win10v2004-20240508-en
2 signatures
150 seconds
General

Target: 9cc0e7d568d15f8f23b06c68ad71be62.exe
Size: 8.3MB
MD5: 9cc0e7d568d15f8f23b06c68ad71be62
SHA1: d7b6c018c99448014fe6199244956eafb69405d3
SHA256: a173db1e8568fc4b00f326d52af0fea19c59639c486d9975589edfd8f1a11da1
SHA512: 2483ecb55bd3f126e6229d6dd19a6325430fed845a92294851b3915523a2df4f58fc253a9bedb22841c7c21c3ae54721d940b9cd0b652217a7482205d48dea45
SSDEEP: 49152:m5N3NXi7s9xkBT9zBalvjBcnSUfTfXVguobKavEeWL7jC5EEfXckQcnt1Ng8Gs8a:ZsrQ9QefrXVgNGkNEEfX2Hc
Score: 5/10
Malware Config

Signatures

Suspicious use of SetThreadContext (1 IoCs)
Processes:
  description                           pid   process                                target process
  PID 796 set thread context of 4824    796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe

Suspicious use of WriteProcessMemory (5 IoCs)
Processes:
  description                           pid   process                                target process
  PID 796 wrote to memory of 4824       796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe
  PID 796 wrote to memory of 4824       796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe
  PID 796 wrote to memory of 4824       796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe
  PID 796 wrote to memory of 4824       796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe
  PID 796 wrote to memory of 4824       796   9cc0e7d568d15f8f23b06c68ad71be62.exe   BitLockerToGo.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\9cc0e7d568d15f8f23b06c68ad71be62.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\9cc0e7d568d15f8f23b06c68ad71be62.exe"
   PID: 796
   - Suspicious use of SetThreadContext
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe (child of PID 796)
      Command line: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      PID: 4824