c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c

Analysis

max time kernel
233s
max time network
243s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
Size

1.1MB
MD5

b589dab46e6d39cd179cb77ccb5e11f4
SHA1

5c30f23d97dbe6eef65a8131be8f116fe3dd5910
SHA256

c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c
SHA512

af98b412fda3b1373e066345d740edc02bbc61d03729b9d0eb3b5880fe1e6d22285790443e89a7c43ce140af729c11b72985f5f66fdcbbfc46c64860bed056db
SSDEEP

24576:yio2C4Tz86EE1by3swR9HrwNmojHuD/bsytUltKo+5+VYrle5s+:U4TzJJm9R9kFTSbNtkwo+5Vrle53

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

description	pid	process	target process
PID 4508 set thread context of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

pid	process
3716	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
3716	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
3716	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
3716	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
3716	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

description	pid	process	target process
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
PID 4508 wrote to memory of 3716	4508	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe	c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe

C:\Users\Admin\AppData\Local\Temp\c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
"C:\Users\Admin\AppData\Local\Temp\c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4508

C:\Users\Admin\AppData\Local\Temp\c49159bf527f51569320d7ed5c132814b2c679265cda12d30139989a8310394c.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3716-132-0x0000000000000000-mapping.dmp

Download
memory/3716-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3716-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3716-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3716-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3716-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3716-138-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download