d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20

Analysis

max time kernel
135s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
Size

1.5MB
MD5

06187d66738098bb67560b70722f5b43
SHA1

2b2bc3745d0aa6f67be9d974d3762c6daa6fc9e1
SHA256

d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20
SHA512

4f04f39944d3d587beac6f21e1583122fa4c9a7306bd823af6aed8675d7d633ba1b4b84aa698f0f250f746539259f3c2f2e8e06ef52812db6377ac25a4d731fe
SSDEEP

24576:1zD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYq:P6/ye0PIphrp9Zuvjqa0Uid1

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

description	pid	process	target process
PID 4716 set thread context of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

pid	process
1528	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
1528	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
1528	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
1528	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
1528	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

description	pid	process	target process
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
PID 4716 wrote to memory of 1528	4716	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe	d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe

C:\Users\Admin\AppData\Local\Temp\d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
"C:\Users\Admin\AppData\Local\Temp\d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4716

C:\Users\Admin\AppData\Local\Temp\d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe
"C:\Users\Admin\AppData\Local\Temp\d06f3bb44f5a2145dfd370e906927a8be90ae7ec078642ef35cd1c7d53232e20.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:1528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1528-132-0x0000000000000000-mapping.dmp

Download
memory/1528-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1528-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1528-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1528-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1528-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download