22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2

Analysis

max time kernel
149s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
Size

1.3MB
MD5

3b38bd19d535683786f8b3e9e647734e
SHA1

a94d335e891614a37da0bdbd54336461461912ca
SHA256

22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2
SHA512

94588f97d585b1ce7db0ca994452f48017123ac89bb94d8615bdf0ca9518518941e711044d576a5717db4213b4b4c9842e1325b7711092ed52040838528c0179
SSDEEP

24576:rrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:rrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

description	pid	process	target process
PID 3540 set thread context of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

pid	process
2312	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
2312	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
2312	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
2312	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
2312	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

description	pid	process	target process
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
PID 3540 wrote to memory of 2312	3540	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe	22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe

C:\Users\Admin\AppData\Local\Temp\22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
"C:\Users\Admin\AppData\Local\Temp\22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3540

C:\Users\Admin\AppData\Local\Temp\22d7f2b026e5356781bb941de4c0b40ff9396e308506a59968185f8a1a1cb8d2.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2312-132-0x0000000000000000-mapping.dmp

Download
memory/2312-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2312-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2312-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2312-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2312-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2312-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download