0ada54b2ef03733f3139644862a74a366bb4825226b990da5fdd44c11d0d239e | Triage

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2022, 03:01

Sharing

Report Analysis Logs

General

Target

1 .exe
Size

2.0MB
MD5

1116540b234edad1d3ebe850ed90e63a
SHA1

e13009373ef706d0d23c6ec913f1c82e69c46107
SHA256

a1bed33dc1633250d52d1c24492dcd7d0d0d044d8d4cee4ddc5228a84b017a32
SHA512

6d7c3e6475c30a278cf04a624887b119ca4a64b796e5555712252a14760f22a8b275e1a04fa425ceda35dcdadca8e1ae2e3f37e3bbce685e2abdea4022eccc77
SSDEEP

49152:6sTJRUT245Xg0t5hEhCh7Dgz5mHPDFQIuihWmBr1wqhT3+IICihuDLr:XJRUT2igychCh7Dgz5mHPDFVuqWqhT3a

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\woyooo.exe	1 .exe
File opened for modification	C:\Windows\woyooo.exe	1 .exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1488	1 .exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1488	1 .exe
1488	1 .exe
1488	1 .exe
1488	1 .exe

C:\Users\Admin\AppData\Local\Temp\1 .exe
"C:\Users\Admin\AppData\Local\Temp\1 .exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:1488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1488-132-0x0000000010000000-0x0000000010035000-memory.dmp

Filesize
212KB

Download