80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05

Analysis

max time kernel
300s
max time network
360s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
Size

1.3MB
MD5

045a7d604b03b29e892ef6d7495768d8
SHA1

a7383c8a4fdddcb94345d68bcbb81f15a33d79c7
SHA256

80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05
SHA512

82ae12f14afd2be5d270ce75d0b073059f3e1644531e64e9848de600fd3652761e52e823d00cb1215012dc1672c0a1bd2c64351eae359b35d7b295572ece7a75
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakh:zrKo4ZwCOnYjVmJPaO

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

description	pid	process	target process
PID 1908 set thread context of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

pid	process
4088	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
4088	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
4088	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
4088	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
4088	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

description	pid	process	target process
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
PID 1908 wrote to memory of 4088	1908	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe	80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe

C:\Users\Admin\AppData\Local\Temp\80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
"C:\Users\Admin\AppData\Local\Temp\80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\80dac395b4d9efc9015277e819863e33895f4cb8469a75d4fee892517a210a05.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4088-132-0x0000000000000000-mapping.dmp

Download
memory/4088-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4088-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4088-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4088-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4088-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download