Analysis
- max time kernel: 7s
- max time network: 30s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 19:09
Static task: static1
Behavioral task: behavioral1
  Sample: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
  Resource: win10v2004-20221111-en
General
- Target: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
- Size: 100KB
- MD5: 44aac00868da90fed8c8cd813a8e122d
- SHA1: ad99d1d0f6f08b6730793a49ae6f141a7de4cc58
- SHA256: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0
- SHA512: 6f1a424da1d9ce9dfe1905da7157dbffe60cda45ba034dee23ca5f3ebd9b362889cc94272a0ed8007719e4b25e9036ce8bef3717ac4ac8dae510040284cedfd0
- SSDEEP: 1536:tP7LRKw4nbZgCGauwkxCxzxZu5Ogtuwk4yg0LKIduwmXEi48+ny8Oo:9oLNgC1uzStZu5Ogt5t0Luf48+yRo
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes:
    description: PID 1228 set thread context of 1812
    pid: 1228
    process: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
    target process: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes:
    pid: 1228
    process: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
- Suspicious use of WriteProcessMemory (10 IoCs, all ten entries identical)
  Processes:
    description: PID 1228 wrote to memory of 1812
    pid: 1228
    process: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
    target process: 91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe"
   Signatures:
   - Suspicious use of SetThreadContext
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. (child process) C:\Users\Admin\AppData\Local\Temp\91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\91d55f39bff19579a33592067e5ae831cfe9783184073a1c8f5cd71f83deb9f0.exe
Network
MITRE ATT&CK Matrix
Downloads
- memory/1812-57-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-56-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-59-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-60-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-62-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-63-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-64-0x0000000000409000-mapping.dmp
- memory/1812-66-0x0000000000400000-0x0000000000412000-memory.dmp (Filesize 72KB)
- memory/1812-67-0x0000000075C41000-0x0000000075C43000-memory.dmp (Filesize 8KB)
- memory/1812-68-0x0000000010000000-0x0000000010013000-memory.dmp (Filesize 76KB)