5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d

Analysis

max time kernel
106s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
Size

1.3MB
MD5

f9f012819a6f0332a9533ee7d0f3b42d
SHA1

344b5a9f41dca709ce83dc5b21f00250ea1298c1
SHA256

5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d
SHA512

c2afc4cd07811222d8928cbe8d285e7db24c4284e8112f598f89580a1092d0b674809f46c45e962ad816d6cbc8394ccb81484d7113da5c16066ae776cee8bece
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakb:7rKo4ZwCOnYjVmJPac

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

description	pid	process	target process
PID 5076 set thread context of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

pid	process
740	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
740	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
740	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
740	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
740	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

description	pid	process	target process
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
PID 5076 wrote to memory of 740	5076	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe	5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe

C:\Users\Admin\AppData\Local\Temp\5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
"C:\Users\Admin\AppData\Local\Temp\5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5076

C:\Users\Admin\AppData\Local\Temp\5ce4af926b8ec7a333da9dee27ec7e23cbb4e03bb880bafeb48392264caa609d.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/740-132-0x0000000000000000-mapping.dmp

Download
memory/740-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/740-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/740-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/740-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/740-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/740-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download