d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51

Analysis

max time kernel
169s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
Size

1.2MB
MD5

2eff9123bce9551a0e649aed2f181a59
SHA1

dd86d9829b27628ec9f18552808b95b56e113fbb
SHA256

d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51
SHA512

683bcf431ed9dc3838d994b9b52f73eceb9458c5a4f908faf3d43608d340c4dcbe818879c26c6fddb447574293e51766b74d288b0a4f7d246df9a94380743fb9
SSDEEP

12288:tSGxzDKw6w2qa3LgMc8SLFDY/8LeS2899E7D3AYNACMzb7noKcxl4B6obXWRAfbo:sxw8wFDY3wE3wY6cxI6gWUbIwMLHf/1

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

description	pid	process	target process
PID 4496 set thread context of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

pid	process
396	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
396	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
396	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
396	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
396	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

description	pid	process	target process
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
PID 4496 wrote to memory of 396	4496	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe	d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe

C:\Users\Admin\AppData\Local\Temp\d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
"C:\Users\Admin\AppData\Local\Temp\d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4496

C:\Users\Admin\AppData\Local\Temp\d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe
"C:\Users\Admin\AppData\Local\Temp\d9a7532631febda91681e416c4f8ae66010095c4bc389fb9bb99f47320606a51.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/396-132-0x0000000000000000-mapping.dmp

Download
memory/396-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/396-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/396-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/396-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/396-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download