841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38

Analysis

max time kernel
186s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
Size

1.3MB
MD5

c6653655cda4fcfe76b10732b79bbb4f
SHA1

d5582f54fae1c7233747e610eed0faacfc5b28d8
SHA256

841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38
SHA512

135ca6c239da8560bde899ec1d88de09dfc59c5a1224c37bfe493d72019b3ff0f4d8bed13220bac3cef8acf1527f42409c2c72156f5a5f87f1bc029c46843589
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakC:7rKo4ZwCOnYjVmJPaN

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

description	pid	process	target process
PID 4644 set thread context of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

pid	process
224	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
224	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
224	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
224	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
224	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

description	pid	process	target process
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
PID 4644 wrote to memory of 224	4644	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe	841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe

C:\Users\Admin\AppData\Local\Temp\841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
"C:\Users\Admin\AppData\Local\Temp\841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4644

C:\Users\Admin\AppData\Local\Temp\841631a6fa1ad4db3320b61f3b8ff812cb0a31c6ffd007c14bea79bd307a4d38.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/224-132-0x0000000000000000-mapping.dmp

Download
memory/224-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/224-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/224-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/224-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/224-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download