40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 00:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
Size

1.1MB
MD5

e2d787e878ceb09f951997b4a530a30d
SHA1

27fd85f0f3e874e0ee9a38561bf32faab5cd72ef
SHA256

40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d
SHA512

4c4df1a2475146526bba41d82ad7efbee5e904fecebe1ee45fb577f7a7f2677299728e7d4f35fcf4c9cb955ad295528941c9456efbd1092b3ee69cc853a80804
SSDEEP

24576:CF/QS8oTXrxf4XQjfxYE3ncjq5E8TIc4+nDCg1:CNHTtf4XkQq5E8gQ2U

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

description	pid	process	target process
PID 808 set thread context of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

pid	process
3868	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
3868	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
3868	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
3868	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
3868	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

description	pid	process	target process
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
PID 808 wrote to memory of 3868	808	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe	40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe

C:\Users\Admin\AppData\Local\Temp\40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
"C:\Users\Admin\AppData\Local\Temp\40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:808
- C:\Users\Admin\AppData\Local\Temp\40fd30c5a5a79e47f1ace8e0decb3215ab147feff6d75e006078cb81f982c28d.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3868-132-0x0000000000000000-mapping.dmp

Download
memory/3868-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3868-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3868-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3868-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/3868-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download