104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826

Analysis

max time kernel
154s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
Size

1.4MB
MD5

8636e52be1edb349b610c31ce152286b
SHA1

d322347774cfd57e60e01e44228a60e09e76b2a7
SHA256

104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826
SHA512

a1c8ff8488e6456b508ba60ae6ad8f9cd5ca35783fde747d09778057d6dc5c1c01203cc1967c240cc032a6eaea4edfc4e3dd2db40cd813715daf9481dba3100a
SSDEEP

24576:hKWQBT4nVU85afaniK/792DxAA4PNn0DLg78E2y2R3rh+Zx1kyF4:hNQJJ2B2WZd0DUGf3d+ZLkyC

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

description	pid	process	target process
PID 1756 set thread context of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

pid	process
2552	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
2552	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
2552	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
2552	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
2552	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

description	pid	process	target process
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
PID 1756 wrote to memory of 2552	1756	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe	104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe

C:\Users\Admin\AppData\Local\Temp\104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
"C:\Users\Admin\AppData\Local\Temp\104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\104c4609bea9f5db7599ac7fc41641e020790092d65a7f0a2091ffb81a23a826.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-132-0x0000000000000000-mapping.dmp

Download
memory/2552-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-136-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-137-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-138-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download