5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69

Analysis

max time kernel
177s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
Size

1.6MB
MD5

4c138bc0f8703f8fe21b6b94a5605c1a
SHA1

ce62954917cedd7d695e6d449b56d07e9bfee372
SHA256

5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69
SHA512

aa7dcfacf67d8c6c7f402d4bd17a85e7eca713fa9ae738d30cb79956d63788c2605dec1f482d0481a0716b2c2f8a8d72d6cc92bc093708504595c198f29a1e66
SSDEEP

24576:9zD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYy:X6/ye0PIphrp9Zuvjqa0Uid5

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

description	pid	process	target process
PID 3900 set thread context of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

pid	process
4896	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
4896	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
4896	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
4896	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
4896	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

description	pid	process	target process
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
PID 3900 wrote to memory of 4896	3900	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe	5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe

C:\Users\Admin\AppData\Local\Temp\5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
"C:\Users\Admin\AppData\Local\Temp\5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3900

C:\Users\Admin\AppData\Local\Temp\5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe
"C:\Users\Admin\AppData\Local\Temp\5b029383451b812d77568c8c20b0ecc819eed7c555c1e59719ba6104d1da9b69.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4896-132-0x0000000000000000-mapping.dmp

Download
memory/4896-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4896-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4896-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4896-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/4896-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download