Analysis
-
max time kernel
5s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system -
submitted
23-11-2022 17:01
Static task
static1
Behavioral task
behavioral1
Sample
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
Resource
win10v2004-20221111-en
General
-
Target
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
-
Size
132KB
-
MD5
1935756a7bb46eb4a9f8916a0001ab15
-
SHA1
ac0de6fafeadfc1db0b43b22813096c1a62d7376
-
SHA256
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159
-
SHA512
8defc0ed6b68fca0c6ae26b6bce67e3673c0abdee61b25db28d1e69d82e7ef02864e798d1b30697d0719d1348bb757f07ac4b004eea98f2b88958d8f79a5b57a
-
SSDEEP
1536:XuPS505c11nXuWhlQs5Z+p9KX96MzqfZRFqOafM2EHHLHHEaBbmTo9VjOglW2a/s:U1fmz0RFQMEaNVl+/FhO5zvON8pVdv
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
Processes:
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
description | pid | process | target process
PID 972 set thread context of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
pid | process
972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe -
Suspicious use of WriteProcessMemory 9 IoCs
Processes:
337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
description | pid | process | target process
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
PID 972 wrote to memory of 1636 | 972 | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe | 337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe "C:\Users\Admin\AppData\Local\Temp\337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe" 1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:972 -
C:\Users\Admin\AppData\Local\Temp\337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe C:\Users\Admin\AppData\Local\Temp\337ce70c1ce4cb799e62b35da8344eb92d0f41968e44256b4fec59bb06fb2159.exe 2⤵ PID:1636