Analysis
- max time kernel: 153s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 10:09
Static task: static1
Behavioral task: behavioral1
Sample: beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe
Resource: win10v2004-20221111-en
General
- Target: beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe
- Size: 1.6MB
- MD5: 979e31f3a76739f4c180cd1cc71b8c21
- SHA1: 2041844cd482a8035c4bbea7e5c0f37f2943938a
- SHA256: beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850
- SHA512: 6e413321dd55e811f256be321435fc4d5429ffd580388db6af4b8063b7217710cca9235b811420675402704f209be17e70629d84c6d7288040d8b8c2fa366611
- SSDEEP: 24576:NzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYH:n6/ye0PIphrp9Zuvjqa0Uidw
Malware Config
Signatures
- Suspicious use of SetThreadContext 1 IoCs

Processes:
beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4912 set thread context of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |

- Suspicious use of SetWindowsHookEx 5 IoCs

Processes:
beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe

| pid | process |
| --- | --- |
| 2904 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| 2904 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| 2904 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| 2904 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| 2904 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |

- Suspicious use of WriteProcessMemory 10 IoCs

Processes:
beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
| PID 4912 wrote to memory of 2904 | 4912 | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe | beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe |
Processes
- C:\Users\Admin\AppData\Local\Temp\beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe
  "C:\Users\Admin\AppData\Local\Temp\beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4912
- C:\Users\Admin\AppData\Local\Temp\beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe
  "C:\Users\Admin\AppData\Local\Temp\beb418cf05d36fa8685b4175611c5a5a1bd12ef62400108d1fccdf78c9838850.exe"
  - Suspicious use of SetWindowsHookEx
  PID:2904