9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572

Analysis

max time kernel
183s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
Size

1.3MB
MD5

88d512bc3f0c022ecea1da098cbdda57
SHA1

53c8663749f904674ece8668ac5f280735e0bf2f
SHA256

9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572
SHA512

0003d7f915a1bc13af4da341624cfe7f0ba48b5822199763d157eb09d269ff98f465b376c363b68fb21b1039fc14017d3b074d445751c2d6423469f11d284b0c
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakf:7rKo4ZwCOnYjVmJPac

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

description	pid	process	target process
PID 3768 set thread context of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

pid	process
3336	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
3336	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
3336	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
3336	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
3336	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

description	pid	process	target process
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
PID 3768 wrote to memory of 3336	3768	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe	9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe

C:\Users\Admin\AppData\Local\Temp\9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
"C:\Users\Admin\AppData\Local\Temp\9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3768

C:\Users\Admin\AppData\Local\Temp\9eff9d04c199be465a31d2fdb06e9f62c1b4b184ca5fed2d39a012e1d3d64572.exe
2⤵
- Suspicious use of SetWindowsHookEx
PID:3336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3336-132-0x0000000000000000-mapping.dmp

Download
memory/3336-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3336-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3336-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3336-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3336-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download