cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b

Analysis

max time kernel
155s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe
Size

11.3MB
MD5

d9ab08c2d38084d6fdb428637e00b85a
SHA1

b5a77b2106b880d065719d286625a1040e489efb
SHA256

cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b
SHA512

4e1bea8043b78caf03e89b09b36fe5b7711932eae4b0e512659524140772b68131a9e3f8faf233b070b70eccb9160e72244fa024193c7c8b0ddee0ba7b653df4
SSDEEP

196608:AtrD5vWG4ov+Tbo16rHtPPf3znaXioTjSzT4SSGExCe2k:AtxF8hNPPvzaXZTjqToGKak

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1440 set thread context of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 3548 set thread context of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 1440 wrote to memory of 3548	1440	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	83
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84
PID 3548 wrote to memory of 4732	3548	cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe	84

C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe
"C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe
  "C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe
    "C:\Users\Admin\AppData\Local\Temp\cec0c44b64c327fe017f65e381e4c2d0e937f2c47cfbf6a31aed9ca024e32a5b.exe"
    3⤵
    PID:4732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3548-161-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/3548-133-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-134-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-135-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-137-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-138-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-140-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-141-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-142-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-144-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-145-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/3548-171-0x0000000013140000-0x0000000013519000-memory.dmp

Filesize
3.8MB

Download
memory/4732-147-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-158-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-151-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-154-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-153-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-155-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-157-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-149-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-159-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-148-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-172-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download
memory/4732-173-0x0000000000400000-0x0000000000613000-memory.dmp

Filesize
2.1MB

Download
memory/4732-174-0x0000000010410000-0x00000000106F6000-memory.dmp

Filesize
2.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads