Analysis
- max time kernel: 138s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-11-2022 02:05
Static task: static1
Behavioral task: behavioral1
- Sample: 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe
- Resource: win10v2004-20220812-en
General
- Target: 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe
- Size: 1.5MB
- MD5: 8f7c3fa4257a2dbf9f6a522f395cd358
- SHA1: 7f9ad985f08e0de8820707b59e318c4121b97c1e
- SHA256: 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877
- SHA512: ea3b22413d7f00c85a3e23ca30ce9e9e69a3d1a4dddbcc7179207598b3e57e50b70ac55682364f15d91a8a4676ea49cde4f84cb6a5c5a9b8c4751af6f5c963ca
- SSDEEP: 24576:1zD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYI:P6/ye0PIphrp9Zuvjqa0Uid7
Malware Config
Signatures
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description / pid / process / target process):
  PID 2280 set thread context of 1380 / 2280 / 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe / 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe
- Suspicious use of SetWindowsHookEx (5 IoCs)
  Processes (pid / process):
  1380 / 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe (5 identical records)
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes (description / pid / process / target process):
  PID 2280 wrote to memory of 1380 / 2280 / 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe / 3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe (10 identical records)
Processes
- C:\Users\Admin\AppData\Local\Temp\3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe "C:\Users\Admin\AppData\Local\Temp\3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe" (depth 1; PID 2280 according to the signature tables)
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe "C:\Users\Admin\AppData\Local\Temp\3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe" (depth 2, child of the process above; PID 1380 according to the signature tables)
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- memory/1380-132-0x0000000000000000-mapping.dmp
- memory/1380-133-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1380-134-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1380-135-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1380-136-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
- memory/1380-137-0x0000000000400000-0x00000000004DF000-memory.dmp (892KB)
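The three signature tables together describe one pattern: the first instance of the sample (PID 2280) spawns a second copy of itself (PID 1380), writes into that child ten times, and then replaces a thread's context in it, after which only the child is active (the SetWindowsHookEx records). That sequence is the one a sandbox reports for process hollowing / RunPE-style self-injection, and the dumps above are all of the child's 0x400000-0x4DF000 region (892KB, smaller than the 1.5MB file on disk), which is where the written-in payload would sit. The script below is an added example, not part of the sandbox report or its tooling: it parses records in the shape of the signature tables, groups them by parent/child pair, flags pairs that show both a write and a SetThreadContext, and ties the flagged child back to its dumped region. The event and dump-name lines are constructed from the report's own tables; the heuristic and its threshold are assumptions.

```python
import re
from collections import defaultdict

SAMPLE = "3600e62800cdaaae9ad552b3eee9ece6159e1e7f3fea451eb1c815e41ee8d877.exe"

# Constructed from the report's signature tables: one SetThreadContext
# record and ten WriteProcessMemory records, all parent 2280 -> child 1380.
EVENTS = [
    f"PID 2280 set thread context of 1380 2280 {SAMPLE} {SAMPLE}",
] + [f"PID 2280 wrote to memory of 1380 2280 {SAMPLE} {SAMPLE}"] * 10

# Constructed from the report's Downloads list.
DUMPS = [
    "memory/1380-132-0x0000000000000000-mapping.dmp",
] + [
    f"memory/1380-{n}-0x0000000000400000-0x00000000004DF000-memory.dmp"
    for n in range(133, 138)
]

_EVENT_RE = re.compile(
    r"PID (?P<src>\d+) (?P<action>set thread context of|wrote to memory of) "
    r"(?P<dst>\d+) \d+ (?P<src_image>\S+) (?P<dst_image>\S+)"
)
_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-\d+-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def parse_event(line):
    """Turn one flattened 'PID X ... of Y ...' record into a dict, or None."""
    m = _EVENT_RE.search(line)
    if not m:
        return None
    return {
        "src": int(m["src"]),
        "dst": int(m["dst"]),
        "action": "set_context" if m["action"].startswith("set") else "write",
        "src_image": m["src_image"],
        "dst_image": m["dst_image"],
    }


def find_hollowing_chains(lines, min_writes=1):
    """Group cross-process events by (src, dst) and return the pairs where the
    source both wrote into the target and replaced a thread's context there.
    Same image on both sides is reported too, since self-spawned hollowing
    (as in this report) is the common case. Threshold is an assumption."""
    counts = defaultdict(lambda: {"write": 0, "set_context": 0})
    for line in lines:
        ev = parse_event(line)
        if ev is None or ev["src"] == ev["dst"]:
            continue  # unparseable, or a process touching itself
        key = (ev["src"], ev["dst"], ev["src_image"], ev["dst_image"])
        counts[key][ev["action"]] += 1
    chains = []
    for (src, dst, src_img, dst_img), c in counts.items():
        if c["write"] >= min_writes and c["set_context"] >= 1:
            chains.append({
                "parent": src,
                "child": dst,
                "same_image": src_img == dst_img,
                "writes": c["write"],
                "set_context": c["set_context"],
            })
    return chains


def parse_dump(name):
    """Return (pid, start, end) for a '-memory.dmp' region; None for the
    '-mapping.dmp' placeholder, which carries no address range."""
    m = _DUMP_RE.search(name)
    if not m:
        return None
    return int(m["pid"]), int(m["start"], 16), int(m["end"], 16)


def dump_region_kb(name):
    """Size of a dumped region in KB (0 for names without a range)."""
    parsed = parse_dump(name)
    if parsed is None:
        return 0
    _, start, end = parsed
    return (end - start) // 1024


def child_regions(chains, dump_names):
    """Distinct dumped regions that belong to a flagged child PID."""
    children = {c["child"] for c in chains}
    regions = set()
    for name in dump_names:
        parsed = parse_dump(name)
        if parsed and parsed[0] in children:
            regions.add((parsed[1], parsed[2]))
    return sorted(regions)


if __name__ == "__main__":
    found = find_hollowing_chains(EVENTS)
    for c in found:
        print(f"parent {c['parent']} -> child {c['child']}: {c['writes']} writes, "
              f"{c['set_context']} SetThreadContext, same image: {c['same_image']}")
    for start, end in child_regions(found, DUMPS):
        print(f"  dumped child region 0x{start:X}-0x{end:X} ({(end - start) // 1024} KB)")
```

The flagged child's dumps are the ones to carve first: 0x400000 is the usual image base of a 32-bit PE, so a dump of exactly that range from the child, taken after the parent's writes, is the natural candidate for the unpacked payload, and its 892KB size (not the 1.5MB of the file on disk) is a hint that it is not simply the original executable mapped again. Note that the `-mapping.dmp` entry has no address range and is deliberately skipped.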