bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
Size

1.6MB
MD5

d4e780cfac4344b91d036e33277cb941
SHA1

158000f4d20cf356a57afcd862bbc2e7787f4069
SHA256

bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7
SHA512

da96478cc9aad6cef4c4d84ce1c2cecc89a6b9f4a0d754fef50759da75a4a3592b72131d8f3433c083656d03b03cddaf8267713b4c9eaea78b9762884d72cc44
SSDEEP

24576:NzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUY:n6/ye0PIphrp9Zuvjqa0Uid

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

description	pid	process	target process
PID 3780 set thread context of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

pid	process
4740	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
4740	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
4740	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
4740	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
4740	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

description	pid	process	target process
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
PID 3780 wrote to memory of 4740	3780	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe	bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe

C:\Users\Admin\AppData\Local\Temp\bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
"C:\Users\Admin\AppData\Local\Temp\bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3780

C:\Users\Admin\AppData\Local\Temp\bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe
"C:\Users\Admin\AppData\Local\Temp\bf7cc8c6d422a040215b27d8602d89f3bd0ffba0df57ab6bc3862fd0c304c8f7.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4740-132-0x0000000000000000-mapping.dmp

Download
memory/4740-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4740-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4740-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4740-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4740-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4740-138-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download