010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180

Analysis

max time kernel
328s
max time network
347s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe
Size

484KB
MD5

5e14b3f5507e3d056b2db5002ba3dd43
SHA1

91733b4f74aa40de0b67b6249fc103663bf055e9
SHA256

010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180
SHA512

586d9bc00279d8f91ac197038362647368ae0bdb92887e6f718cc402bba7db927f6becfac343de3e73cf12627c65350ebb50c67516bb00c5c252241742f50f72
SSDEEP

12288:zoUld/f2I9JECdYW4/e4Pii15XZSAmKjlafbdDNUQ:792ILECd0R15XZS3QafpDNUQ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

LB9c4j3K.exeaahost.exe

pid process

4504 LB9c4j3K.exe
3028 aahost.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

LB9c4j3K.exe

pid process

4504 LB9c4j3K.exe
4504 LB9c4j3K.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exeLB9c4j3K.exeaahost.exe

pid process

4072 010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe
4504 LB9c4j3K.exe
3028 aahost.exe

pid	process
4504	LB9c4j3K.exe
3028	aahost.exe

pid	process
4504	LB9c4j3K.exe
4504	LB9c4j3K.exe

pid	process
4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe
4504	LB9c4j3K.exe
3028	aahost.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe

description	pid	process	target process
PID 4072 wrote to memory of 4504	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	LB9c4j3K.exe
PID 4072 wrote to memory of 4504	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	LB9c4j3K.exe
PID 4072 wrote to memory of 4504	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	LB9c4j3K.exe
PID 4072 wrote to memory of 3028	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	aahost.exe
PID 4072 wrote to memory of 3028	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	aahost.exe
PID 4072 wrote to memory of 3028	4072	010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe	aahost.exe

C:\Users\Admin\AppData\Local\Temp\010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe
"C:\Users\Admin\AppData\Local\Temp\010ab25cc50fd20c42e81f0e9f008c033cce51553634e3b00bcf5be183008180.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4072

C:\Users\Admin\LB9c4j3K.exe
C:\Users\Admin\LB9c4j3K.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4504

C:\Users\Admin\aahost.exe
C:\Users\Admin\aahost.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\LB9c4j3K.exe

Filesize
212KB

MD5
fa0eb2a8b561ea9afc6a51709ff0d7de

SHA1
4ef5265f5b5bb1a4857e7668f132405c799da155

SHA256
99ecfb1bb7cdb1e8dd609e60b10d5346b90284172c854b6234631212dd501c4f

SHA512
0e8b194cb0e65429b84ac32a0fa131d072f7f425804df192d7a90a7ec6eb7ce9991716ce5a9ca3bcd106181076832d5fa7d6f9cbe67fc80a427ef7980beb75c6

Download Submit
C:\Users\Admin\LB9c4j3K.exe

Filesize
212KB

MD5
fa0eb2a8b561ea9afc6a51709ff0d7de

SHA1
4ef5265f5b5bb1a4857e7668f132405c799da155

SHA256
99ecfb1bb7cdb1e8dd609e60b10d5346b90284172c854b6234631212dd501c4f

SHA512
0e8b194cb0e65429b84ac32a0fa131d072f7f425804df192d7a90a7ec6eb7ce9991716ce5a9ca3bcd106181076832d5fa7d6f9cbe67fc80a427ef7980beb75c6

Download Submit
C:\Users\Admin\aahost.exe

Filesize
140KB

MD5
93ea44e078cb0477614729636866a84b

SHA1
f9752413d48fd98a77cfce8fff04a7a0d72c26d8

SHA256
c16c3df8b6b4187e04a6abb49a15eb02ccefdce86068960ab3afeb088bf4ba27

SHA512
351bafb9dc5395a9cd1393b76cba405312a5d85a59e5b1c0e891c2de1343b2bc2765a40077e4155fbd9a5578db3be66ace35e27ff02cb32f813ba01db4fc1113

Download Submit
C:\Users\Admin\aahost.exe

Filesize
140KB

MD5
93ea44e078cb0477614729636866a84b

SHA1
f9752413d48fd98a77cfce8fff04a7a0d72c26d8

SHA256
c16c3df8b6b4187e04a6abb49a15eb02ccefdce86068960ab3afeb088bf4ba27

SHA512
351bafb9dc5395a9cd1393b76cba405312a5d85a59e5b1c0e891c2de1343b2bc2765a40077e4155fbd9a5578db3be66ace35e27ff02cb32f813ba01db4fc1113

Download Submit
memory/3028-139-0x0000000000000000-mapping.dmp

Download
memory/4504-134-0x0000000000000000-mapping.dmp

Download