d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268

Analysis

max time kernel
144s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
Size

1.3MB
MD5

efa882b2c6b5dac89333afe434fba5ff
SHA1

cc3c500cc6cffbfcd342bf828b67780873de5487
SHA256

d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268
SHA512

01e3d3b609aea00158dec2448c508670c294a6043934373e7bc32f49b6c4497f50c30aad3d24c8fdc4d33e50a91f470c94a232d235ddd6ce16b8675d8f1dc1ae
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakV:zrKo4ZwCOnYjVmJPai

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

description	pid	process	target process
PID 2576 set thread context of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

pid	process
5088	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
5088	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
5088	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
5088	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
5088	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

description	pid	process	target process
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
PID 2576 wrote to memory of 5088	2576	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe	d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe

C:\Users\Admin\AppData\Local\Temp\d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
"C:\Users\Admin\AppData\Local\Temp\d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\d9e91c054173883b34c4d9ac8807510a67cd2a22b003f335117f66c38ca8a268.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5088-132-0x0000000000000000-mapping.dmp

Download
memory/5088-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5088-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5088-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5088-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/5088-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download