07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35

Analysis

max time kernel
139s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
Size

1.4MB
MD5

bd047bee2da8b1c69ccb4cc4dd6fd726
SHA1

a01f59482f36d5e51866e3471d234f7fb197f5e2
SHA256

07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35
SHA512

798103df2eff38469770dde3a7d15906b08a0526643f2b89112bfc49b49484d0ebc35fb78477af7c08cf59a8c20958574ef6ef005887fb5c9aadebe38e8a55c2
SSDEEP

24576:xrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8Aa:xrBew72604doSw6ew5

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

description	pid	process	target process
PID 4792 set thread context of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

pid	process
1932	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
1932	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
1932	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
1932	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
1932	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

description	pid	process	target process
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
PID 4792 wrote to memory of 1932	4792	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe	07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe

C:\Users\Admin\AppData\Local\Temp\07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
"C:\Users\Admin\AppData\Local\Temp\07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4792

C:\Users\Admin\AppData\Local\Temp\07707fa001059a0bd44654d97f0328bb47a1787989d294dbffdbfaef0fcc6a35.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-132-0x0000000000000000-mapping.dmp

Download
memory/1932-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1932-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1932-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1932-136-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1932-137-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download