79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec

Analysis

max time kernel
177s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
Size

1.3MB
MD5

24df975183f12ac58cddc16cf4b39e5d
SHA1

35da5c25e959134c34ae0092c494a75618791929
SHA256

79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec
SHA512

6bd0362ed62995c7a13248c27f066642f8fa4294205aba449e27afbfb959bcf29dd36a98682959b54b149cc94e5460f32e92e63429dda08047dcc4845bdf8e11
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:TrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

description	pid	process	target process
PID 1684 set thread context of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

pid	process
1332	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
1332	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
1332	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
1332	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
1332	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

description	pid	process	target process
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
PID 1684 wrote to memory of 1332	1684	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe	79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe

C:\Users\Admin\AppData\Local\Temp\79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
"C:\Users\Admin\AppData\Local\Temp\79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Users\Admin\AppData\Local\Temp\79d08a0f80b2695b3207e142413c5f266b56632f9c9afbfe244307c2ea37a0ec.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1332-132-0x0000000000000000-mapping.dmp

Download
memory/1332-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1332-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1332-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1332-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1332-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download