7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
Size

1.1MB
MD5

628fa9fdcc012891cd8e81f7a596421b
SHA1

3584084d420a43044d334a61e603097659bb59bc
SHA256

7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807
SHA512

6eec98a3bdb4af295cf7cd63ed03da2a874d8c7e5fc532c6cb520a3fce6d79fdec4a2d17450334a68e9ba48758a28ac7d8dd1158ab0bf15b6344d2e614265d42
SSDEEP

24576:Cio2C4Tz86EE1by3swR9HrwNmojHuD/bsytUltKo+5+VYrle5s/:E4TzJJm9R9kFTSbNtkwo+5Vrle5C

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

description	pid	process	target process
PID 4604 set thread context of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

pid	process
3460	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
3460	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
3460	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
3460	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
3460	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

description	pid	process	target process
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
PID 4604 wrote to memory of 3460	4604	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe	7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe

C:\Users\Admin\AppData\Local\Temp\7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
"C:\Users\Admin\AppData\Local\Temp\7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4604

C:\Users\Admin\AppData\Local\Temp\7cf560ca15cb59ce1cb1d87607250223a4764e8ed2c471e528106f94a56bd807.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3460-132-0x0000000000000000-mapping.dmp

Download
memory/3460-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3460-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3460-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3460-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3460-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download