9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951

Analysis

max time kernel
206s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
Size

1.3MB
MD5

57463f44c7ae7909db42955f36595d25
SHA1

dc333c2526e257aea07d208b580c6569e735f907
SHA256

9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951
SHA512

61bbe365b3af5122f67e766ea1489f0f6add63468ef167fe65ae38a6d868e3c6dfd3471342d847b3fb6aa727996a6475deb075aea7c8eceb425010517efb2808
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakfn:TrKo4ZwCOnYjVmJPa8

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

description	pid	process	target process
PID 1472 set thread context of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

pid	process
3256	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
3256	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
3256	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
3256	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
3256	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

description	pid	process	target process
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
PID 1472 wrote to memory of 3256	1472	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe	9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe

C:\Users\Admin\AppData\Local\Temp\9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
"C:\Users\Admin\AppData\Local\Temp\9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Users\Admin\AppData\Local\Temp\9261ec6e27c78d8e8d2258aa06a7f024d62c64a0bf48aea250295a607c40c951.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3256-132-0x0000000000000000-mapping.dmp

Download
memory/3256-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3256-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3256-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3256-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3256-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download