d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce

Analysis

max time kernel
217s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
Size

1.3MB
MD5

5a5f8d55de65d602bad27d4216275f89
SHA1

b60e8e5aa95b74f3601db9af37e18142d3721d7a
SHA256

d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce
SHA512

b8eb7b455f94287bf32376d893dd1a644512eda4bb2adb9ef366b5db16158596962918c1e8f7cdb7b6e1f52c8ec02368acf7bcdb4bac1bae8bab0b42d0cc58d7
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakE:TrKo4ZwCOnYjVmJPaz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

description	pid	process	target process
PID 3156 set thread context of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

pid	process
3092	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
3092	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
3092	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
3092	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
3092	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

description	pid	process	target process
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
PID 3156 wrote to memory of 3092	3156	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe	d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe

C:\Users\Admin\AppData\Local\Temp\d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
"C:\Users\Admin\AppData\Local\Temp\d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3156

C:\Users\Admin\AppData\Local\Temp\d3e4ab97bdc2ed321a2a97c8aa5637786573ff114c82c0182f076bfa4dc623ce.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3092-132-0x0000000000000000-mapping.dmp

Download
memory/3092-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3092-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3092-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3092-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3092-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download