7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b

Analysis

max time kernel
182s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
Size

1.6MB
MD5

9f15a3469e29b34c77154020bd7f0dc1
SHA1

34a14b1973a4932ff8d75151a8c13e50dfd75f9d
SHA256

7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b
SHA512

e5b1ee79de4197cd61a468158d56fc7b15b256679e8536a4bd93e9532d093bf638f2008e79922bcffa96e5548366bee3eba0ee2d10782861be75d4154135f9f8
SSDEEP

24576:NzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYJ:n6/ye0PIphrp9Zuvjqa0Uide

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

description	pid	process	target process
PID 2592 set thread context of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

pid	process
4628	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
4628	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
4628	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
4628	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
4628	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

description	pid	process	target process
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
PID 2592 wrote to memory of 4628	2592	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe	7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe

C:\Users\Admin\AppData\Local\Temp\7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
"C:\Users\Admin\AppData\Local\Temp\7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe
"C:\Users\Admin\AppData\Local\Temp\7924e120edd982c98d3de154ef04b2af9455eafc1a4fd3900c539574b6ca8e7b.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4628-132-0x0000000000000000-mapping.dmp

Download
memory/4628-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4628-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4628-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4628-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4628-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download