75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b

Analysis

max time kernel
54s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
Size

1.3MB
MD5

981303025adac875c2e7f02bdc192692
SHA1

ae03aba7da36ddd99e86da3b249c0a4bd99f7a16
SHA256

75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b
SHA512

f2abc0a1707765b595e52b0df9036e3b6362232dfbb54a25c8b58ea895997a631d5bf4c0728b2af630b9b99e423ec3391ec65026b6610775578063c650151cc0
SSDEEP

24576:rrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:rrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

description	pid	process	target process
PID 4044 set thread context of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

pid	process
3612	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
3612	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
3612	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
3612	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
3612	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

description	pid	process	target process
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
PID 4044 wrote to memory of 3612	4044	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe	75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe

C:\Users\Admin\AppData\Local\Temp\75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
"C:\Users\Admin\AppData\Local\Temp\75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4044

C:\Users\Admin\AppData\Local\Temp\75d99e26b42ed5eaab476bae0c9eaa201a5eeb15106c3a449fe7d6d4b5feb60b.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3612-132-0x0000000000000000-mapping.dmp

Download
memory/3612-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3612-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3612-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3612-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3612-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download