bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85

Analysis

max time kernel
95s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
Size

1.6MB
MD5

84af08ee2884bc6995bcd1b7e5d2ff38
SHA1

62fc11e565b6cc7f2343eb08e22fd8f5cd7fd6d5
SHA256

bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85
SHA512

21c53682e15e437e12a421c609284e99df0dd6b8f110e533883335a5af25191f90ca8c830c78d29e867d5295011c8559d91927c88dc67b58a410a67a61e4f214
SSDEEP

24576:tzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUY4:H6/ye0PIphrp9Zuvjqa0Uidb

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

description	pid	process	target process
PID 488 set thread context of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

pid	process
684	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
684	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
684	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
684	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
684	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

description	pid	process	target process
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
PID 488 wrote to memory of 684	488	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe	bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe

C:\Users\Admin\AppData\Local\Temp\bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
"C:\Users\Admin\AppData\Local\Temp\bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:488

C:\Users\Admin\AppData\Local\Temp\bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe
"C:\Users\Admin\AppData\Local\Temp\bbc5d564a0ffe0fa608906fdf27e67ff7d3bae0e7eb7c61d3d3cc9fc2a076b85.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/684-132-0x0000000000000000-mapping.dmp

Download
memory/684-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/684-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/684-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/684-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/684-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/684-138-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download