0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4

Analysis

max time kernel
22s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
Size

371KB
MD5

e2440f0ae4154108fc6daded2b2ba4cf
SHA1

60f4f6d733c05861ef1be17e7dc7f13f7b3c2ca5
SHA256

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4
SHA512

765350cf754cab83b1a454c0ce5b8cacd9bad36b8fd70714745c9ec47cc26d3dbd8cb61f8fa9cbf9c4a6c5da26af9f412a1b0f2da42d9d77be47274dc5210322
SSDEEP

3072:v1tn5ymi8Eu11uZaLJbN2SQ3N7Do0JgT5SVtoaKGlD8yWC242UcdRCU4J4lg4E4I:Zeqb1rrcdpsyD80BPYl8QEihC5

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

description	pid	process	target process
PID 2028 set thread context of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

pid	process
1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

pid process

2028 0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

pid	process
2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe

description	pid	process	target process
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 2028 wrote to memory of 1452	2028	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
PID 1452 wrote to memory of 1284	1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	Explorer.EXE
PID 1452 wrote to memory of 1284	1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	Explorer.EXE
PID 1452 wrote to memory of 1284	1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	Explorer.EXE
PID 1452 wrote to memory of 1284	1452	0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
"C:\Users\Admin\AppData\Local\Temp\0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
C:\Users\Admin\AppData\Local\Temp\0aea6482bba30e5d1793c133fa2a6e340b664fa05ee8c7e27e9881804057a7c4.exe
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1452

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1284-62-0x00000000FFFF0000-0x00000000FFFF7000-memory.dmp

Filesize
28KB

Download
memory/1452-58-0x0000000000407C89-mapping.dmp

Download
memory/1452-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1452-60-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1452-61-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/1452-65-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2028-54-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads