4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292 | Triage

Analysis

max time kernel
131s
max time network
132s
platform
windows10_x64
resource
win10v200430
submitted
17/07/2020, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
Size

276KB
MD5

035c10d88e5e161fdd2956c9b8bf1305
SHA1

1691f7453d0a7f9913d7f4047be81278624c670d
SHA256

4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292
SHA512

f7a43fb3235e267952cfc776c788eb72606492cb34f22c669be45de6c4ab725d81dddde73c3a108bb696e23781f8ddbe496888d65ae4e4a738f8463ce7391da4

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
1740	4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe

C:\Users\Admin\AppData\Local\Temp\4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe
"C:\Users\Admin\AppData\Local\Temp\4d9aa8b943563b6649067b3a94bd399493f32f4c41ba4c6a4858268bd72dc292.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-0-0x0000000002250000-0x000000000225C000-memory.dmp

Filesize
48KB

Download