e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb

Analysis

max time kernel
160s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
Size

1.3MB
MD5

973e526ed52da23a4580f0313e7bf5d5
SHA1

324f5d4a943687328bec7f33484105399a50feed
SHA256

e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb
SHA512

b477be73ace08c92dd2b99d637a1cd277a973a140f765bb23add5b732862d478f833b260f03346e6eecad932fd49d1f7b7bfa4f3588cea7a4b4467e1f6f2f0a6
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak/:jrKo4ZwCOnYjVmJPa0

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

description	pid	process	target process
PID 3156 set thread context of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

pid	process
3196	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
3196	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
3196	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
3196	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
3196	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

description	pid	process	target process
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
PID 3156 wrote to memory of 3196	3156	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe	e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe

C:\Users\Admin\AppData\Local\Temp\e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
"C:\Users\Admin\AppData\Local\Temp\e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3156

C:\Users\Admin\AppData\Local\Temp\e75a136c74dc9835652f7dd45aab419cce1e246ce7123e0e1e7bb8b1bd1d1dfb.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3196-132-0x0000000000000000-mapping.dmp

Download
memory/3196-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3196-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3196-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3196-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3196-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3196-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download