134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8

Analysis

max time kernel
161s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
Size

1.1MB
MD5

c0c62b6869e96f0298e0c9e7c3a22dbe
SHA1

7ef6515a9b9aaab5f2616d61f2990ccc574219ae
SHA256

134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8
SHA512

6afdf397aeda8d1b22619155aa28f794fe1a7f04e3abd942a3103cd5805984f53889668f897f266868b63e492498d4a86012db23608da2a6bfc8cc329086abb6
SSDEEP

24576:iio2C4Tz86EE1by3swR9HrwNmojHuD/bsytUltKo+5+VYrle5se:k4TzJJm9R9kFTSbNtkwo+5Vrle5T

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

description	pid	process	target process
PID 4752 set thread context of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

pid	process
4508	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
4508	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
4508	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
4508	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
4508	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

description	pid	process	target process
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
PID 4752 wrote to memory of 4508	4752	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe	134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe

C:\Users\Admin\AppData\Local\Temp\134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
"C:\Users\Admin\AppData\Local\Temp\134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4752

C:\Users\Admin\AppData\Local\Temp\134b0d5e48bff635032a72cb85151667594ffdd57078c6f0e10f7e08af7b6de8.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4508-133-0x0000000000000000-mapping.dmp

Download
memory/4508-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/4508-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/4508-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/4508-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/4508-138-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download