4531a1efd815df17d3a6f247d0850ab5e510de2345723e41c062716e65df686e | Triage

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 14:03

Sharing

Report Analysis Logs

General

Target

unturnedHack.exe
Size

4.1MB
MD5

c5293ff604e4231fdffaa092fd7c5ca8
SHA1

9e8aeb9ec19b8a6d534360883188872a257bb337
SHA256

4531a1efd815df17d3a6f247d0850ab5e510de2345723e41c062716e65df686e
SHA512

57a64316ac3944a4050853f491b85b373fc9e5f393c868d20243fcf1dfda4e733a61cf0348b7e0be25e7b880e49373131c500b5f91e7eb0c345957e070ad5fc9
SSDEEP

49152:Xl4UjB0jUudKphZByreh+Woao/OZa8XLh+4vBTVlz8svA:14UjKgu8A

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2816 set thread context of 2932	2816	unturnedHack.exe	30

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2932	2816	unturnedHack.exe	30
PID 2816 wrote to memory of 2932	2816	unturnedHack.exe	30
PID 2816 wrote to memory of 2932	2816	unturnedHack.exe	30
PID 2816 wrote to memory of 2932	2816	unturnedHack.exe	30

C:\Users\Admin\AppData\Local\Temp\unturnedHack.exe
"C:\Users\Admin\AppData\Local\Temp\unturnedHack.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\unturnedHack.exe
  "C:\Users\Admin\AppData\Local\Temp\unturnedHack.exe"
  2⤵
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2932-2-0x000007FFFFFD9000-0x000007FFFFFDA000-memory.dmp

Filesize
4KB

Download