c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d

Analysis

max time kernel
171s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
Size

1.3MB
MD5

80ef9b8032275183dee025655ee44d8f
SHA1

a7cea2e412787f809f7692288e45dec755c4588d
SHA256

c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d
SHA512

94d50bb33c68cad58270505ac4ef2b6fc387717baed8c3e2030ce50e4ff3263ff88f8e243407df2f56c13b22dd0546b7771bf084bf523298bf161eac9773f1e0
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakh:TrKo4ZwCOnYjVmJPa6

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

description	pid	process	target process
PID 1080 set thread context of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

pid	process
4628	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
4628	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
4628	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
4628	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
4628	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

description	pid	process	target process
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
PID 1080 wrote to memory of 4628	1080	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe	c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe

C:\Users\Admin\AppData\Local\Temp\c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
"C:\Users\Admin\AppData\Local\Temp\c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1080

C:\Users\Admin\AppData\Local\Temp\c06ccd4838d34401c50efded7863a06400d9bdf4d6bf12f4ee81c0f3bbcf5e6d.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4628-132-0x0000000000000000-mapping.dmp

Download
memory/4628-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4628-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4628-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4628-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4628-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download