e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8

Analysis

max time kernel
75s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
Size

1.6MB
MD5

e6709eb505ad2ebc9a5452af80ef342e
SHA1

6a4a98d000eba0b6a82ec4dfa0e8f5062d1fc22a
SHA256

e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8
SHA512

437531335816590848effb76974318895b644763520926911c67c0a6e13e8f9e848a026ccaf763a5cd6bf1f57d112342779e664b74d2f6fe5105f084aa113801
SSDEEP

24576:xzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUY:D6/ye0PIphrp9Zuvjqa0Uid

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

description	pid	process	target process
PID 2448 set thread context of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

pid	process
1400	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
1400	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
1400	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
1400	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
1400	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

description	pid	process	target process
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
PID 2448 wrote to memory of 1400	2448	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe	e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe

C:\Users\Admin\AppData\Local\Temp\e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
"C:\Users\Admin\AppData\Local\Temp\e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Local\Temp\e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe
"C:\Users\Admin\AppData\Local\Temp\e32d123660e1058f3a2dcbd2ffa3cb313a0a6ad50738e06b777ea2c2346d60b8.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-132-0x0000000000000000-mapping.dmp

Download
memory/1400-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1400-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1400-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1400-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1400-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1400-138-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download