3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc

Analysis

max time kernel
180s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
Size

1.3MB
MD5

3276e870f30392cc9120b7ff9b332528
SHA1

4d2b411ccd191669c23b4048961eca156626b9fd
SHA256

3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc
SHA512

fd9e8897e3d2002eceb9612e7ce1f39e55f68011e80dab2d6824906e44887cb91052f6dba5e0cd7b8ed2a79df92acf90b846c9d198e6ab4182d9ed0b2d0795e6
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:zrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

description	pid	process	target process
PID 2436 set thread context of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

pid	process
2980	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
2980	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
2980	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
2980	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
2980	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

description	pid	process	target process
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
PID 2436 wrote to memory of 2980	2436	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe	3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe

C:\Users\Admin\AppData\Local\Temp\3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
"C:\Users\Admin\AppData\Local\Temp\3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2436

C:\Users\Admin\AppData\Local\Temp\3a51bcea9d7ffde2a126b3a2bf16822130e8feb10fca4668bb2f7ae9d293e3cc.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2980-132-0x0000000000000000-mapping.dmp

Download
memory/2980-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2980-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2980-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2980-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download