5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33

Analysis

max time kernel
92s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
Size

1.3MB
MD5

df878ec2e3e46e104bca67265f018653
SHA1

8de33e2634f57ea74064df1bb462de1315bbbd71
SHA256

5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33
SHA512

b21518c35081c3fd4f6b28c62334d191c2f448c2c0310eca3b3eb8b065a3bbaf25604e39d013fe2043739238c94e6e43494369311dbf178e36fb889406b25a2d
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakZJ:7rKo4ZwCOnYjVmJPauJ

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

description	pid	process	target process
PID 3992 set thread context of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

pid	process
3740	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
3740	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
3740	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
3740	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
3740	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

description	pid	process	target process
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
PID 3992 wrote to memory of 3740	3992	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe	5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe

C:\Users\Admin\AppData\Local\Temp\5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
"C:\Users\Admin\AppData\Local\Temp\5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3992

C:\Users\Admin\AppData\Local\Temp\5578a7d4c4187f0d70e39269d638ad4c6834a47c8bbd712a6a7663f7e1579f33.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3740-132-0x0000000000000000-mapping.dmp

Download
memory/3740-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3740-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3740-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3740-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3740-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3740-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download