8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073

Analysis

max time kernel
157s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
Size

1.3MB
MD5

ffcd37d503bb4002f9499f7b65b04f22
SHA1

b5790de7f8f6d3ddb4b7179d5d8f3d92f7f766cb
SHA256

8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073
SHA512

fc51367437beeb304f7298f83511b7f5e2357a7ecbb96ff6b65ed387ad6b43191d627543d3670a7a3a3c396ac9b9c11cb5ece94d46b453997a62cd51d4f2f8d1
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:zrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

description	pid	process	target process
PID 4944 set thread context of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

pid	process
520	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
520	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
520	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
520	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
520	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

description	pid	process	target process
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
PID 4944 wrote to memory of 520	4944	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe	8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe

C:\Users\Admin\AppData\Local\Temp\8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
"C:\Users\Admin\AppData\Local\Temp\8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4944

C:\Users\Admin\AppData\Local\Temp\8c8556ad0e9b66d94517aea06562990f801b03a3a49098b6f2a93da3d43ce073.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/520-132-0x0000000000000000-mapping.dmp

Download
memory/520-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/520-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/520-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/520-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download