15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede

Analysis

max time kernel
187s
max time network
221s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
Size

1.3MB
MD5

7e704738104a68c38e1af1787cda8a4d
SHA1

488d84218943a8dfc26b025f10c110a62719f313
SHA256

15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede
SHA512

41d246949a7fd12d0a33315defe31031117d0ff98eea4fb2ff81c10b3c50e52ba2814fc75a08107bb764c0db4cf190340068a79894fe601fe8de2e406f5da6d3
SSDEEP

24576:YOiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9T:xi1DWLFP53UGe76x0ZUphdtw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

description	pid	process	target process
PID 4600 set thread context of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

pid	process
2468	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
2468	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
2468	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
2468	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
2468	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

description	pid	process	target process
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
PID 4600 wrote to memory of 2468	4600	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe	15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe

C:\Users\Admin\AppData\Local\Temp\15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
"C:\Users\Admin\AppData\Local\Temp\15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4600

C:\Users\Admin\AppData\Local\Temp\15c7bac2d101213528b949e9308722d4704808730fe6d0c6af7d083f4126cede.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2468-132-0x0000000000000000-mapping.dmp

Download
memory/2468-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2468-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2468-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2468-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2468-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2468-138-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download