e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
Size

1.3MB
MD5

ea4dca3fd23a0fe9a3c054e0aae42357
SHA1

364c35abe66866b630eec70dde9b09210f8ef013
SHA256

e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae
SHA512

358c15099157aa4290cea3eb09571a9a6af7ccd3957df3fb80fa372dcd9144aa6f6151e133cfe74f041cae851f1d8027f2686ccb00a30cf7c8aed708e727d00a
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakp:7rKo4ZwCOnYjVmJPa2

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

description	pid	process	target process
PID 336 set thread context of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

pid	process
1924	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
1924	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
1924	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
1924	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
1924	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

description	pid	process	target process
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
PID 336 wrote to memory of 1924	336	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe	e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe

C:\Users\Admin\AppData\Local\Temp\e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
"C:\Users\Admin\AppData\Local\Temp\e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:336

C:\Users\Admin\AppData\Local\Temp\e5238d9da5cc19ef007a0d1f208579eac7f161943065e6e1eea09cd6a72bcaae.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-132-0x0000000000000000-mapping.dmp

Download
memory/1924-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1924-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1924-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1924-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1924-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download