5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0

Analysis

max time kernel
155s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
Size

188KB
MD5

456de3c5ca2245c64ec65492b9bd03f0
SHA1

c74609db62cadbb150bd41a55e461e25e435e534
SHA256

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0
SHA512

537e29ab224907eb9730884f266a3e07e7692fdcac8db255d7e204aae341fd7171d92806c452502adc4c41351bcba1da39e29ddb2a002bede4b97723d09d3fc7
SSDEEP

3072:abrkco+AZw03pClHYNVuzqt3JaOgLhJwYf+HQSuMQz26rMfRp7dpXsVncrz:YodpCWNIqt3Zgtj+HQShQuf7dFMIz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

description	pid	process	target process
PID 2116 set thread context of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

pid	process
2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

pid process

2116 5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

pid	process
2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe

description	pid	process	target process
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2116 wrote to memory of 2128	2116	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
PID 2128 wrote to memory of 380	2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	Explorer.EXE
PID 2128 wrote to memory of 380	2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	Explorer.EXE
PID 2128 wrote to memory of 380	2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	Explorer.EXE
PID 2128 wrote to memory of 380	2128	5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:380

C:\Users\Admin\AppData\Local\Temp\5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
"C:\Users\Admin\AppData\Local\Temp\5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116

C:\Users\Admin\AppData\Local\Temp\5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
C:\Users\Admin\AppData\Local\Temp\5a816dbdf936910daa304e27d9085b5581ec57dda13209244b23da5a85276ec0.exe
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/380-145-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2116-132-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2116-133-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2116-134-0x00000000006C0000-0x00000000006C4000-memory.dmp

Filesize
16KB

Download
memory/2116-135-0x00000000021A0000-0x00000000021D9000-memory.dmp

Filesize
228KB

Download
memory/2116-136-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2116-142-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/2116-143-0x00000000021A0000-0x00000000021D9000-memory.dmp

Filesize
228KB

Download
memory/2128-139-0x0000000000000000-mapping.dmp

Download
memory/2128-140-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2128-144-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2128-146-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download