42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603

Analysis

max time kernel
186s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
Size

1.3MB
MD5

4c846ce759bcf19a6b03b02e781502f9
SHA1

275d46066fc98a8b160ccc2142d01b978fbaf02f
SHA256

42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603
SHA512

b0990a3067caf18bdd41d079c6de06ea86db265fb9403f1d77de553cca3fcee32a91d7da30ea700d1a1ee140a9cc7457cbc987fc43871abe4ea179aa8af83ece
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakz:zrKo4ZwCOnYjVmJPaw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

description	pid	process	target process
PID 4280 set thread context of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

pid	process
3444	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
3444	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
3444	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
3444	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
3444	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

description	pid	process	target process
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
PID 4280 wrote to memory of 3444	4280	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe	42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe

C:\Users\Admin\AppData\Local\Temp\42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
"C:\Users\Admin\AppData\Local\Temp\42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4280

C:\Users\Admin\AppData\Local\Temp\42f05dc44b9b3573854ae8a95b082ce01acd1487ff42a6fb69d18a97cd580603.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3444-132-0x0000000000000000-mapping.dmp

Download
memory/3444-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3444-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3444-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3444-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3444-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download