455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993

Analysis

max time kernel
189s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
Size

1.3MB
MD5

3f6910275020ebe88e269726d3e02833
SHA1

4e50b965ce1ed304c703c6d5a0c5b7589b549c2a
SHA256

455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993
SHA512

ee834dae1948a013caae4ff6a1e1971386af886bfb35bcb2043bfa90304ffb5e3ee637c7e643d5f62059cdb23f0d2dd0f780b718d3b907c8c12ee2e6d765ead0
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakW:jrKo4ZwCOnYjVmJPal

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

description	pid	process	target process
PID 4104 set thread context of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

pid	process
1912	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
1912	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
1912	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
1912	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
1912	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

description	pid	process	target process
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
PID 4104 wrote to memory of 1912	4104	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe	455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe

C:\Users\Admin\AppData\Local\Temp\455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
"C:\Users\Admin\AppData\Local\Temp\455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4104

C:\Users\Admin\AppData\Local\Temp\455a50dab5f2c508b48aaa9b4c946343fdf601f44b30299d0e6833d276cd9993.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1912-132-0x0000000000000000-mapping.dmp

Download
memory/1912-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1912-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1912-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1912-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1912-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download