8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da

Analysis

max time kernel
182s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
Size

1.9MB
MD5

7fe2d86b18a27992c3ed758d89d2da0a
SHA1

eecfd9c9e0e6ddfcf604f2e3cd22a46b13f8fa92
SHA256

8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da
SHA512

c1c31d7324a67e3e9e156e400bad913bb1fc612aa7b429d239850aa1223e37957fa2602b0384a0b4c386cc59b9f5d23bd7a244d5e52be81b9b6872aa96f25378
SSDEEP

24576:FqIa/HrG/d7BGqExNj7vtP7dMqRdkiUGoPKMPBUTkwlGpv1Ch359NXOpr0V12Dd+:FqqEx5dtRmfBfponOC28IKcYCOPOaC2v

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

description	pid	process	target process
PID 2072 set thread context of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

pid process

2072 8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

pid	process
2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

description	pid	process	target process
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
PID 2072 wrote to memory of 3520	2072	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe	8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe

C:\Users\Admin\AppData\Local\Temp\8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
"C:\Users\Admin\AppData\Local\Temp\8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\8ce4873a7c86da73b0b8ef7f3722a83df39c4215cab0b3852e3bd0148ebd36da.exe
  2⤵
  PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3520-134-0x0000000000000000-mapping.dmp

Download
memory/3520-135-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/3520-137-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download
memory/3520-138-0x0000000000400000-0x00000000005D1000-memory.dmp

Filesize
1.8MB

Download