757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0

Analysis

max time kernel
171s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
Size

1.3MB
MD5

9176743e0f6c904d92e6e4ea70839452
SHA1

974fe93c7082d208832e69620de8946fac952cca
SHA256

757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0
SHA512

282d3dc3f971532dcf41ca60ba3928427e152901380441c39ec659f242834252ac89408a2ad374ee0ba5049f6f78cd2ef6927e66ab0c6a978e80b460d593406d
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:zrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

description	pid	process	target process
PID 2156 set thread context of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

pid	process
4624	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
4624	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
4624	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
4624	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
4624	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

description	pid	process	target process
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
PID 2156 wrote to memory of 4624	2156	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe	757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe

C:\Users\Admin\AppData\Local\Temp\757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
"C:\Users\Admin\AppData\Local\Temp\757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\757c5e059c0060c0cee676249796402ff75d7d0bbeb0e2991d46a587b64ddbd0.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:4624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4624-132-0x0000000000000000-mapping.dmp

Download
memory/4624-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4624-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4624-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4624-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4624-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4624-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download