14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465

Analysis

max time kernel
73s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
Size

1.3MB
MD5

9480cf31828ae510538d6a087240575d
SHA1

534fde6c009baa39f6629e069b769eea1cdb3370
SHA256

14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465
SHA512

dca06b94a50e5ffeaaff5daf0567a94251aaf668309b1023622a55832c11aef797d4c07cafc97131e065cd04ab33cd76889e48b51a47b50b163377b73d6e7092
SSDEEP

24576:TrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakP:TrKo4ZwCOnYjVmJPaw

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

description	pid	process	target process
PID 400 set thread context of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

pid	process
3012	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
3012	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
3012	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
3012	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
3012	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

description	pid	process	target process
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
PID 400 wrote to memory of 3012	400	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe	14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe

C:\Users\Admin\AppData\Local\Temp\14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
"C:\Users\Admin\AppData\Local\Temp\14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:400

C:\Users\Admin\AppData\Local\Temp\14e82945aaa37d5c5c66cb16148b971db55673c398d6b1099ffa010963de3465.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3012-132-0x0000000000000000-mapping.dmp

Download
memory/3012-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3012-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3012-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3012-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3012-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download