95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f

Analysis

max time kernel
177s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
Size

1.3MB
MD5

b89547009ddc66bb2d8999dc65445359
SHA1

1f230ede1a35a4fae1a3f129b3380590ba7be5dc
SHA256

95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f
SHA512

59207d08d6b9c4c7ef0a5db9f7d8cdce1442aa4b3dee6a0ea8d742bac84fab5304134b4388545a305ab31e6ede8d608abfac4616ab705521d0f9c93f95b88131
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:TrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

description	pid	process	target process
PID 2652 set thread context of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

pid	process
4592	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
4592	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
4592	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
4592	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
4592	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

description	pid	process	target process
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
PID 2652 wrote to memory of 4592	2652	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe	95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe

C:\Users\Admin\AppData\Local\Temp\95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
"C:\Users\Admin\AppData\Local\Temp\95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\95c1d8c10775b431f4d7eca2fd52df82c789df3f5f1774983d82f450e097d10f.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4592-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4592-132-0x0000000000000000-mapping.dmp

Download
memory/4592-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4592-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4592-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4592-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download