c34e1f276139b1c89f41c3795588701aaabcfb8c7a3b0cde737a71405d2373bd | Triage

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:59

Sharing

Report Analysis Logs

General

Target

.exe
Size

692KB
MD5

927b80171629eca196dc30a32d8fb6d7
SHA1

dd08086f6ee62bc430406d8a7269d628b0c21f09
SHA256

c60f793bfc567c6ba8a5eb0c3e7f843726b47b6155ed8c2954f39b39f98b03e0
SHA512

4af3e93c82d53cc3738e31fa375984a63d7221a421f7a5dbf6fc07d7c77cc83e90d6bcf3059a665193d2f3147d77fd8120e6198f59e98bb6f050e391f91101f5
SSDEEP

12288:/ATIDJ0L1m4M6cejKFYOlGx6uxvKDzU3O0SYI:/ATIDJa15M6Fe1sxDKXOO0l

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

.exe

pid	process
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe
832	.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

.exe

pid process

832 .exe
832 .exe

C:\Users\Admin\AppData\Local\Temp\.exe
"C:\Users\Admin\AppData\Local\Temp\.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-132-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/832-133-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download