b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204

Analysis

max time kernel
136s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
Size

1.1MB
MD5

aeb05fae9d4f411009a47b9cd4150380
SHA1

14c73c7ca693fa6070fb839fb97198263043b3d1
SHA256

b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204
SHA512

b53e3b8d855ac249570e9caa3d39591a9af96c9d6b9c16dd12b7ce4d78f915a7f91e32da2ec21311354ec2d331738320ee546340a9c8c0b708baa89ff2310c17
SSDEEP

24576:yio2C4Tz86EE1by3swR9HrwNmojHuD/bsytUltKo+5+VYrle5sO:U4TzJJm9R9kFTSbNtkwo+5Vrle57

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

description	pid	process	target process
PID 4812 set thread context of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

pid	process
404	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
404	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
404	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
404	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
404	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

description	pid	process	target process
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
PID 4812 wrote to memory of 404	4812	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe	b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe

C:\Users\Admin\AppData\Local\Temp\b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
"C:\Users\Admin\AppData\Local\Temp\b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4812

C:\Users\Admin\AppData\Local\Temp\b42902da2ff001bc07e01d23b541e89d63f489086c74016be33ee6c500643204.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/404-132-0x0000000000000000-mapping.dmp

Download
memory/404-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/404-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/404-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/404-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/404-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download