8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
Size

1.3MB
MD5

a4db354c0c120c8ec5a88df4c0344293
SHA1

78236d4a547c2423dc6fe4a17b02198521e23245
SHA256

8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0
SHA512

758fb97ffbfb6dfc9e3da59ef554289fd0fa537327699d86618c5b260507b5db5d706381010044cd8c97709c25320f30539111c487a2231b845cc31fca5ebef4
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakg:jrKo4ZwCOnYjVmJPa7

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

description	pid	process	target process
PID 1436 set thread context of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

pid	process
4184	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
4184	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
4184	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
4184	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
4184	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

description	pid	process	target process
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
PID 1436 wrote to memory of 4184	1436	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe	8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe

C:\Users\Admin\AppData\Local\Temp\8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
"C:\Users\Admin\AppData\Local\Temp\8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1436

C:\Users\Admin\AppData\Local\Temp\8f687bd5952fb9d5785c4c6b7d8c312ab8762d41bf4521503facd4f6ae1a42e0.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4184-132-0x0000000000000000-mapping.dmp

Download
memory/4184-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4184-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4184-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4184-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4184-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4184-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download