ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff

Analysis

max time kernel
298s
max time network
390s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
Size

1.3MB
MD5

d87f13e8d5f1f00b53c2da978719d0f1
SHA1

710c3cdf44943a51f1d3cd2dd0b54c5c27847460
SHA256

ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff
SHA512

9f726496c10d7011902fc17a92b6c2e7a50f706b76f90fd817de508dd56016c65742d7b7f326374091787664e1447b2db110ee4752460771a7d8011e92bbdd51
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak9:TrKo4ZwCOnYjVmJPaS

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

description	pid	process	target process
PID 4776 set thread context of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

pid	process
4144	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
4144	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
4144	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
4144	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
4144	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

description	pid	process	target process
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
PID 4776 wrote to memory of 4144	4776	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe	ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe

C:\Users\Admin\AppData\Local\Temp\ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
"C:\Users\Admin\AppData\Local\Temp\ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4776

C:\Users\Admin\AppData\Local\Temp\ce3f372cfc7708db4cc90c8230f007b21ae5513e9d4dcf689de9d0340d84d9ff.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4144-132-0x0000000000000000-mapping.dmp

Download
memory/4144-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4144-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4144-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4144-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4144-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download