d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711

Analysis

max time kernel
177s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
Size

1.3MB
MD5

017d5009ca44d61d76151dc9fb0c3121
SHA1

cc1f5d9c62c74775fb706ba36ac4537fcb735409
SHA256

d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711
SHA512

2a344596909695b4650bb88612e1faf97699a0eb63898d9651784d638eba09568a21862b701b375612e7a33cbe7ed8406857eca3a7b173d2514505d3d909f790
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakg:TrKo4ZwCOnYjVmJPaL

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

description	pid	process	target process
PID 2888 set thread context of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

pid	process
4060	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
4060	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
4060	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
4060	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
4060	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

description	pid	process	target process
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
PID 2888 wrote to memory of 4060	2888	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe	d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe

C:\Users\Admin\AppData\Local\Temp\d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
"C:\Users\Admin\AppData\Local\Temp\d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\d7fb85f0bc8ee2765527d81359e911d22d1ba24b2e94eff1a2bdf236ab6f4711.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-132-0x0000000000000000-mapping.dmp

Download
memory/4060-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4060-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4060-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4060-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4060-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download