494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb

Analysis

max time kernel
171s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
Size

1.1MB
MD5

186965b31522866777258fdafc3d6e8e
SHA1

f7afe7b2f69733000bfefabbe882917f640b8cf4
SHA256

494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb
SHA512

bc45467f2eef803470bb4f0735d548b4fa16c4f549b4769c587f06b70d88feaa04f1aca372b87c14fa1258efbeb092386c92997caf2b17391efa1402a9c0fbc7
SSDEEP

24576:kjmOYKa/TY9ZPFXntEi+m/ZWOLB28TS3985qEeP02wH:kqvkHZt7+mBWABf2028

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

description	pid	process	target process
PID 4420 set thread context of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

pid	process
1456	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
1456	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
1456	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
1456	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
1456	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

description	pid	process	target process
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
PID 4420 wrote to memory of 1456	4420	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe	494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe

C:\Users\Admin\AppData\Local\Temp\494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
"C:\Users\Admin\AppData\Local\Temp\494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4420

C:\Users\Admin\AppData\Local\Temp\494c3ff74df30b88e0b6c764f3412a7e147cbf9925ac2c78a73f799fcf4c5cdb.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:1456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1456-132-0x0000000000000000-mapping.dmp

Download
memory/1456-133-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1456-134-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1456-135-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1456-136-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1456-137-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download