ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48

Analysis

max time kernel
161s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 00:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
Size

1.1MB
MD5

341363b7d2883492bf7c338d4d92b0c5
SHA1

f51902a1ccf8be6cfb9471660e783f683ebc04e5
SHA256

ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48
SHA512

22cf44e3d3349cff4c3a7a2645d26b317946ae5d8be0de3364c3cc6ddc660f4e72845710a4d9710bf3ce547d5bf93f2b82c1a0773a45e5c6b19a84a74908465a
SSDEEP

12288:oD3g1pennnnnCsBwGOHBvblq0ib9efT5AB+K10Ojb1uiABW+kH+bl4OEIAzInvTY:YBwFBzFAB+i/bk7kXHw+qBOaqjxKrGz

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

description	pid	process	target process
PID 4936 set thread context of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

pid	process
2612	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
2612	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
2612	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
2612	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
2612	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

description	pid	process	target process
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
PID 4936 wrote to memory of 2612	4936	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe	ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe

C:\Users\Admin\AppData\Local\Temp\ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
"C:\Users\Admin\AppData\Local\Temp\ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4936

C:\Users\Admin\AppData\Local\Temp\ca2093914ea6f150f43d2e6ff9b42ce549d09eec245c675cd50be95e2d84db48.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2612-132-0x0000000000000000-mapping.dmp

Download
memory/2612-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2612-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2612-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2612-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2612-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2612-138-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download