a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029

Analysis

max time kernel
115s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 13:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe
Size

199KB
MD5

4f6351dd8d0967f859d1727aaf9f2f20
SHA1

3f0aceb20fdccb29691bb36b82205b5ebf349cf1
SHA256

a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029
SHA512

8e755f8c6914df4f246f64054d70d795a17eb9da30d47ed203e65577914182808f8816f16a1a9297401fb7018b0bf94f2a1914aae2554c43d373c6b8136b0596
SSDEEP

1536:jHkoQoCEePPwO5aUFgnySgHtqL5jHow5MEM8E7T4qpXcp0Ejf:jHkjQO5ZFuySgHtUTowOEo7Mq1Yxz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1712 set thread context of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe
4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 1712 wrote to memory of 4272	1712	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	81
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47
PID 4272 wrote to memory of 2456	4272	a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe	47

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2456
- C:\Users\Admin\AppData\Local\Temp\a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe
  "C:\Users\Admin\AppData\Local\Temp\a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe
    "C:\Users\Admin\AppData\Local\Temp\a62f871aaa0377c1ec1ac88c44963b66f698ab09f1fd4262b0a0d79e442ed029.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1712-132-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1712-138-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/4272-134-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4272-136-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4272-137-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download