Analysis

max time kernel: 23s
max time network: 54s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 09:37

Static task: static1

Behavioral task: behavioral1
  Sample: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe
  Resource: win7-20220812-en

Behavioral task: behavioral2
  Sample: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe
  Resource: win10v2004-20220812-en
General

Target: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe
Size: 1.3MB
MD5: ebe802aa14c1f58f58d872abd2851d95
SHA1: 73fe4397f0c4ec3329d338b8697702ef02910f7c
SHA256: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08
SHA512: 79b9339b14eec2e9383370f7e2e85c9b73ad459385e45ae663a736972a896dfe6ec43149db3d6ae9ea9871a78a44ebc28682e811a98d38e961304fe30e4f03ce
SSDEEP: 24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak/:zrKo4ZwCOnYjVmJPaY
Malware Config
Signatures

Suspicious use of SetThreadContext (1 IoC)
  PID 864 set thread context of PID 1372
  source process: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe
  target process: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe

Modifies Internet Explorer settings (1 IoC)
  Key created: \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main
  process: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe (PID 1372)

Suspicious use of SetWindowsHookEx (5 IoCs)
  5 occurrences, all from PID 1372 d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  PID 864 wrote to memory of PID 1372 (11 occurrences)
  source process: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe
  target process: d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe

Taken together, the eleven WriteProcessMemory calls followed by SetThreadContext from PID 864 into PID 1372, where both processes run the same image, are consistent with the sample launching a second copy of itself and overwriting that copy's memory before redirecting its main thread (process hollowing / RunPE-style self-injection). The report records neither a CreateProcess with CREATE_SUSPENDED nor a ResumeThread call, so this is an inference from the two signatures rather than a confirmed hollowing chain; the SetWindowsHookEx and Internet Explorer registry activity then occur in the injected process (PID 1372), not the original (PID 864).
Processes

C:\Users\Admin\AppData\Local\Temp\d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe (PID 864)
  command line: "C:\Users\Admin\AppData\Local\Temp\d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe (PID 1372, launched by PID 864)
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
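The correlation described under Signatures, as an added example that is not part of the sandbox report or of the sample itself: it parses cross-process IoC lines in the "PID <src> <verb> <dst> <src> <src_image> <dst_image>" shape printed above, groups them per (source, target) pair, and flags any pair that shows both a memory write and a SetThreadContext, which is the write-payload-then-redirect-execution sequence of process hollowing. The sample input is constructed from this report's counts (one SetThreadContext line and eleven identical WriteProcessMemory lines for 864 -> 1372); the function names are the example's own.

```python
import re
from collections import defaultdict

# Image name shared by both processes in this report.
IMAGE = "d25a2a53208d52a02c95344ae3772d0c8b131a073f5839941bf01ddf037f7d08.exe"

# Constructed sample input: the cross-process IoC lines of this report, in the
# "PID <src> <verb> <dst> <src> <src_image> <dst_image>" shape the sandbox prints.
# The report lists one SetThreadContext entry and eleven identical
# WriteProcessMemory entries for the 864 -> 1372 pair.
SAMPLE_IOCS = [f"PID 864 set thread context of 1372 864 {IMAGE} {IMAGE}"] + \
              [f"PID 864 wrote to memory of 1372 864 {IMAGE} {IMAGE}"] * 11

# Verbs the sandbox uses for the two cross-process primitives we correlate.
VERB_WRITE = "wrote to memory of"
VERB_SETCTX = "set thread context of"

IOC_RE = re.compile(
    r"PID (?P<src>\d+) (?P<verb>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) \d+ (?P<src_image>\S+) (?P<dst_image>\S+)"
)


def correlate(lines):
    """Group cross-process IoC lines by (source pid, target pid).

    Returns {(src, dst): {"wrote to memory of": n, "set thread context of": n,
    "same_image": bool}}. Lines that do not match the expected shape are ignored.
    """
    pairs = defaultdict(lambda: {VERB_WRITE: 0, VERB_SETCTX: 0, "same_image": False})
    for line in lines:
        m = IOC_RE.search(line)
        if not m:
            continue
        key = (int(m["src"]), int(m["dst"]))
        entry = pairs[key]
        entry[m["verb"]] += 1
        entry["same_image"] = m["src_image"].lower() == m["dst_image"].lower()
    return dict(pairs)


def flag_injection_pairs(lines):
    """Return (src, dst) pairs where one process both wrote into another and
    set its thread context: the write-payload-then-redirect-execution
    sequence of process hollowing / RunPE.

    Caveat: the sandbox does not log CreateProcess(CREATE_SUSPENDED) or
    ResumeThread, so a hit is "consistent with hollowing", not proof of it.
    """
    hits = []
    for (src, dst), e in sorted(correlate(lines).items()):
        if src != dst and e[VERB_WRITE] > 0 and e[VERB_SETCTX] > 0:
            hits.append((src, dst))
    return hits


def describe(lines):
    """Human-readable one-line summary for each flagged pair."""
    out = []
    pairs = correlate(lines)
    for src, dst in flag_injection_pairs(lines):
        e = pairs[(src, dst)]
        tag = "same image (self-injection)" if e["same_image"] else "different image"
        out.append(f"{src} -> {dst}: {e[VERB_WRITE]} write(s), "
                   f"{e[VERB_SETCTX]} SetThreadContext, {tag}")
    return out


if __name__ == "__main__":
    for summary in describe(SAMPLE_IOCS):
        print(summary)
```

The same-image check is what separates "a loader hollowing a copy of itself" from a generic cross-process injection into, say, a system binary; both warrant a look, but the former is the pattern this report shows. A single WriteProcessMemory without a matching SetThreadContext is deliberately not flagged, since debuggers and some installers write into child processes legitimately.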