d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d

Analysis

max time kernel
275s
max time network
318s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 19:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe
Size

232KB
MD5

b299427e070244f5b942c77864787874
SHA1

501736c765ab24ccde5e09d3b49af7f06d42690d
SHA256

d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d
SHA512

d5b871757f53b8257f83f3ee653f4512569ac89d95b7a28dcccdb1f1bd1fdf940d9b59ef6870fc0676649b9504d9fbccf1e6e9073d281b980e4148a75c94ff50
SSDEEP

6144:8X5UGgQDJhKx0umIb+KZG5C5breXGTYSufA09GSGhh3pe3oZ:8CGyxnmIb+POWVo08N5e3o

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3612	tasklist32.exe
3648	tasklist32.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\SysWOW64\tasklist32.exe	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe
File opened for modification	\??\c:\windows\SysWOW64\tasklist32.exe	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2456	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe
3612	tasklist32.exe
3648	tasklist32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 3612	2456	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe	80
PID 2456 wrote to memory of 3612	2456	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe	80
PID 2456 wrote to memory of 3612	2456	d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe	80
PID 3612 wrote to memory of 3648	3612	tasklist32.exe	81
PID 3612 wrote to memory of 3648	3612	tasklist32.exe	81
PID 3612 wrote to memory of 3648	3612	tasklist32.exe	81

C:\Users\Admin\AppData\Local\Temp\d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe
"C:\Users\Admin\AppData\Local\Temp\d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- \??\c:\windows\SysWOW64\tasklist32.exe
  c:\windows\system32\tasklist32.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3612
- - \??\c:\windows\SysWOW64\tasklist32.exe
    c:\windows\system32\tasklist32.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\tasklist32.exe

Filesize
232KB

MD5
b299427e070244f5b942c77864787874

SHA1
501736c765ab24ccde5e09d3b49af7f06d42690d

SHA256
d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d

SHA512
d5b871757f53b8257f83f3ee653f4512569ac89d95b7a28dcccdb1f1bd1fdf940d9b59ef6870fc0676649b9504d9fbccf1e6e9073d281b980e4148a75c94ff50

Download Submit
C:\Windows\SysWOW64\tasklist32.exe

Filesize
232KB

MD5
b299427e070244f5b942c77864787874

SHA1
501736c765ab24ccde5e09d3b49af7f06d42690d

SHA256
d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d

SHA512
d5b871757f53b8257f83f3ee653f4512569ac89d95b7a28dcccdb1f1bd1fdf940d9b59ef6870fc0676649b9504d9fbccf1e6e9073d281b980e4148a75c94ff50

Download Submit
\??\c:\windows\SysWOW64\tasklist32.exe

Filesize
232KB

MD5
b299427e070244f5b942c77864787874

SHA1
501736c765ab24ccde5e09d3b49af7f06d42690d

SHA256
d3dd4c40090512b53e3437344e51e72ee6005dcd49421cc6b558ec0498fd506d

SHA512
d5b871757f53b8257f83f3ee653f4512569ac89d95b7a28dcccdb1f1bd1fdf940d9b59ef6870fc0676649b9504d9fbccf1e6e9073d281b980e4148a75c94ff50

Download Submit
memory/2456-132-0x0000000000400000-0x0000000000814000-memory.dmp

Filesize
4.1MB

Download
memory/2456-146-0x0000000000400000-0x0000000000814000-memory.dmp

Filesize
4.1MB

Download
memory/3612-145-0x0000000000400000-0x0000000000814000-memory.dmp

Filesize
4.1MB

Download
memory/3612-147-0x0000000000400000-0x0000000000814000-memory.dmp

Filesize
4.1MB

Download
memory/3648-144-0x0000000000400000-0x0000000000814000-memory.dmp

Filesize
4.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads