8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f

Analysis

max time kernel
159s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
Size

1.3MB
MD5

f57eedc8342d6ab867838df9defd5a2d
SHA1

4fc36b924c00ee0fdf3f0d21fa895da9dfe6f1ea
SHA256

8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f
SHA512

6ec49a1f0f78aff40591566ed685411d77e729e2e36dfc17f7c6b57ac6dcf4dfffddd7e2ee3e8013c97d22a6047f00cc2285f49e2b8008de28a3b74eff3c7ca8
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak3:zrKo4ZwCOnYjVmJPao

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

description	pid	process	target process
PID 4416 set thread context of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

pid	process
3004	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
3004	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
3004	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
3004	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
3004	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

description	pid	process	target process
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
PID 4416 wrote to memory of 3004	4416	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe	8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe

C:\Users\Admin\AppData\Local\Temp\8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
"C:\Users\Admin\AppData\Local\Temp\8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4416

C:\Users\Admin\AppData\Local\Temp\8cf69c207422791c5bd20380395a66c1dadc00a0f133abc4dc0a9baf3d8b440f.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3004-132-0x0000000000000000-mapping.dmp

Download
memory/3004-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3004-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3004-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3004-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3004-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3004-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download