ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54

Analysis

max time kernel
191s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
Size

1.3MB
MD5

1e06064801bbae133de50a636cb8bd48
SHA1

b551197376eddab6056cc6370efa5a8140e01b79
SHA256

ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54
SHA512

a2af9dfdcb5e4ab2fc4afd508242b2a8609bdd0804725fa9f6df2d0c50fa635beb7c622f0dd02d139348a2b91ef39e111434a9bac2bdb2276591b2b2fbdfc79a
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakU:jrKo4ZwCOnYjVmJPaX

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

description	pid	process	target process
PID 1728 set thread context of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

pid	process
4544	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
4544	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
4544	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
4544	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
4544	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

description	pid	process	target process
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
PID 1728 wrote to memory of 4544	1728	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe	ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe

C:\Users\Admin\AppData\Local\Temp\ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
"C:\Users\Admin\AppData\Local\Temp\ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\ba3fc44b79e0f77ee40d2a6728dfc5336f500ee2c9cd39b9bcdf6b8f4fcb8f54.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4544-132-0x0000000000000000-mapping.dmp

Download
memory/4544-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4544-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4544-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4544-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4544-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4544-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download