Analysis
- max time kernel: 168s
- max time network: 170s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 11:00
Static task: static1
Behavioral task: behavioral1
- Sample: a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe
- Resource: win10v2004-20220812-en
General
- Target: a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe
- Size: 1.3MB
- MD5: 26335466821aaeda60284703346a791f
- SHA1: 2353b5acf3d1e3b09eb26aa40d87d9c6d4ef5a96
- SHA256: a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294
- SHA512: 7da40e7658d3abbb7fc13eaddfa8d02f5ab3c5d74aa32f2151150d3cf07e3a04f3a3ae1ef5b8c04b298688d6b7d9c5b60d8446ba5a9fe435c36e54e76f34f348
- SSDEEP: 24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakC:TrKo4ZwCOnYjVmJPaR
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
  description | pid | process | target process
  PID 628 set thread context of 2160 | 628 | a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe | a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes:
  pid | process
  2160 | a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe (5 identical entries)
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes:
  description | pid | process | target process
  PID 628 wrote to memory of 2160 | 628 | a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe | a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe (10 identical entries)
Processes
- C:\Users\Admin\AppData\Local\Temp\a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe (PID: 628)
  Command line: "C:\Users\Admin\AppData\Local\Temp\a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe"
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\a000a58ca709cc7000b22826af53d83f5bf9d10ace641e82ef90af0598017294.exe (PID: 2160, child of PID 628)
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- memory/2160-132-0x0000000000000000-mapping.dmp
- memory/2160-134-0x0000000000400000-0x00000000004D9000-memory.dmp (Filesize: 868KB)
- memory/2160-133-0x0000000000400000-0x00000000004D9000-memory.dmp (Filesize: 868KB)
- memory/2160-135-0x0000000000400000-0x00000000004D9000-memory.dmp (Filesize: 868KB)
- memory/2160-136-0x0000000000400000-0x00000000004D9000-memory.dmp (Filesize: 868KB)
- memory/2160-137-0x0000000000400000-0x00000000004D9000-memory.dmp (Filesize: 868KB)