9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da

Analysis

max time kernel
314s
max time network
365s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
Size

1.1MB
MD5

53b5193fdb691dd0e91ac23f2f9b6062
SHA1

021efa65190602c3be45750fcf24c9ef6b055a88
SHA256

9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da
SHA512

c85175713e2988fddfc545e8b164931d95a9ed002f0c6f10ea5a8c7116d0160516764157e23fcda2b6f3c6637f549dc90210aebde8e7aa96bc744addb405d369
SSDEEP

24576:vjmOztIjpVbUJ44R/DDK2s5mNZRzOUCrA/N3rF:vqAtI704g/D3Tm03p

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

description	pid	process	target process
PID 332 set thread context of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

pid	process
4648	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
4648	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
4648	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
4648	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
4648	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

description	pid	process	target process
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
PID 332 wrote to memory of 4648	332	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe	9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe

C:\Users\Admin\AppData\Local\Temp\9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
"C:\Users\Admin\AppData\Local\Temp\9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:332

C:\Users\Admin\AppData\Local\Temp\9fdc4eabb632e9ef86927dcf76b2462bebad6919fc502c1d770747927dac70da.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4648-132-0x0000000000000000-mapping.dmp

Download
memory/4648-133-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4648-134-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4648-135-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4648-136-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4648-137-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/4648-138-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download