8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
Size

1.3MB
MD5

eec516588787450ff80a2da603373620
SHA1

a9ce542f0355a566ca3cc3f64312f99893e5905e
SHA256

8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111
SHA512

1c3d1e03289b1e8a8df95ff2428cb259d0fd5db4dec04040f4c9b9ee36eca8220fcb22d5556cf6554ea797b5cc76c983268bc1e11db1a7b0694587bc4fdf2416
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakL:jrKo4ZwCOnYjVmJPao

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

description	pid	process	target process
PID 4344 set thread context of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

pid	process
4732	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
4732	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
4732	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
4732	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
4732	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

description	pid	process	target process
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
PID 4344 wrote to memory of 4732	4344	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe	8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe

C:\Users\Admin\AppData\Local\Temp\8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
"C:\Users\Admin\AppData\Local\Temp\8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4344

C:\Users\Admin\AppData\Local\Temp\8a962064eff0877d28cf4a727174ead49097dc09a7e9dae1d48930dd9e29a111.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4732-132-0x0000000000000000-mapping.dmp

Download
memory/4732-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4732-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4732-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4732-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4732-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download