02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
Size

1.4MB
MD5

3f1e9fbfe3ab40009e40c3081606ad33
SHA1

068f14d6feb9e568d237f5143e1115feabf5106b
SHA256

02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727
SHA512

52f31cb3c730b8a4d0e50aa876561230475cfc33efe0f2f005206a09662c5ded8cf3edb9544ce50455bcb2ca1d62b031ebbfe8d5fa4a7b6874495664566d752d
SSDEEP

24576:RrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8Ak:RrBew72604doSw6ewf

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

description	pid	process	target process
PID 1876 set thread context of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

pid	process
4964	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
4964	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
4964	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
4964	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
4964	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

description	pid	process	target process
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
PID 1876 wrote to memory of 4964	1876	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe	02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe

C:\Users\Admin\AppData\Local\Temp\02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
"C:\Users\Admin\AppData\Local\Temp\02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1876

C:\Users\Admin\AppData\Local\Temp\02d292bfe69c0b6257936cd91eee3a63779c82c0ec7b3d5c1426d15dd9d0c727.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4964-132-0x0000000000000000-mapping.dmp

Download
memory/4964-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4964-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4964-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4964-136-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4964-137-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download