00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
Size

1.4MB
MD5

7b137d07ce8c88f66fbb186395de3f28
SHA1

947ed0c7b9d5f744ad8a2545eae107cc12aad8df
SHA256

00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6
SHA512

f91134360107a0951be955e2e73fc8781ec1983221519c2be90433b5c2fe317111396c8f15bbba1c2516c775e281d77939ef3504c473a4bc69d5b2a95559937b
SSDEEP

24576:hrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8AK:hrBew72604doSw6ewN

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

description	pid	process	target process
PID 632 set thread context of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

pid	process
2552	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
2552	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
2552	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
2552	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
2552	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

description	pid	process	target process
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
PID 632 wrote to memory of 2552	632	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe	00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe

C:\Users\Admin\AppData\Local\Temp\00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
"C:\Users\Admin\AppData\Local\Temp\00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:632

C:\Users\Admin\AppData\Local\Temp\00a960e29798e619132db18efa602661576e44e3798ab30a690844cb85c884c6.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2552-132-0x0000000000000000-mapping.dmp

Download
memory/2552-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-136-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2552-137-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download