bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434

Analysis

max time kernel
133s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
Size

1.1MB
MD5

1e976ff5fb5422469ff37c705e165042
SHA1

0f1d109fb3ea4586e6d620a5cc44df12af530bae
SHA256

bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434
SHA512

6bf2a6a499adfb587ea09aafe63c1fb6db302e315380ff3ec7eb89e0e0f8ee06d64aa2fe35378bbca9f068803220f6b8ba4ce1a665a1a31816e4a2c65a84bad1
SSDEEP

24576:yio2C4Tz86EE1by3swR9HrwNmojHuD/bsytUltKo+5+VYrle5sI:U4TzJJm9R9kFTSbNtkwo+5Vrle5h

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

description	pid	process	target process
PID 1904 set thread context of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

pid	process
2252	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
2252	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
2252	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
2252	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
2252	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

description	pid	process	target process
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
PID 1904 wrote to memory of 2252	1904	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe	bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe

C:\Users\Admin\AppData\Local\Temp\bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
"C:\Users\Admin\AppData\Local\Temp\bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Users\Admin\AppData\Local\Temp\bc452d0cb6eec8f20e2c44a79b88fdce7ef32e78b13cc8e1e14fc08a447eb434.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2252-132-0x0000000000000000-mapping.dmp

Download
memory/2252-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2252-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2252-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2252-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2252-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download