c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b

Analysis

max time kernel
55s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
Size

1.3MB
MD5

60bc63ec6af1039bffd6a232240875a6
SHA1

8df9a15be28ba6f8dafacac1a32542d7eb2c5e83
SHA256

c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b
SHA512

dcf07042391c0db0a4c0e2bc74df045cda1852a1d2803eb2327ad02c31714e6f832980502b5138f17aef227179748169688ae137989fa26cfa02230da3334513
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPako:7rKo4ZwCOnYjVmJPaf

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

description	pid	process	target process
PID 4808 set thread context of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

pid	process
2224	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
2224	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
2224	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
2224	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
2224	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

description	pid	process	target process
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
PID 4808 wrote to memory of 2224	4808	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe	c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe

C:\Users\Admin\AppData\Local\Temp\c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
"C:\Users\Admin\AppData\Local\Temp\c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4808

C:\Users\Admin\AppData\Local\Temp\c6b56775ae40b6c215183f304525356f3e4a499c6f08cc655a9d8f0a4467cb1b.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2224-132-0x0000000000000000-mapping.dmp

Download
memory/2224-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2224-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2224-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2224-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2224-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2224-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download