Analysis
  max time kernel: 144s
  max time network: 204s
  platform: windows10-2004_x64
  resource: win10v2004-20220812-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 01/12/2022, 14:49
Behavioral task: behavioral1
  Sample: d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
  Resource: win7-20220812-en
  4 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
  Resource: win10v2004-20220812-en
  4 signatures, 150 seconds
General
  Target: d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
  Size: 153KB
  MD5: 06e8d94677b65bb618c61917b2bdc7cd
  SHA1: b5fbdbe02641d4692e34ddbd5f212759a963fda7
  SHA256: d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e
  SHA512: 14cedd4509e998abbf87c1e2fb77595e431956a7e044844fe0f259c876a7c8f9956f8dcb72c4cd0071efb460a6ebe6445d9cfbc05dd5b284285861b51eb7a5c0
  SSDEEP: 3072:uSlqRgH9YRO55T1ldTLSYo3YqFYWPYY8F3x3+/ONIul+X:uokWdT1bLStNFYAr8FBgu

Score: 8/10
Malware Config

Signatures

  resource                                                                      yara_rule
  behavioral2/memory/4924-132-0x0000000000400000-0x0000000000454000-memory.dmp  upx
  behavioral2/memory/4924-135-0x0000000000400000-0x0000000000454000-memory.dmp  upx
  behavioral2/memory/4924-141-0x0000000000400000-0x0000000000454000-memory.dmp  upx
Suspicious use of SetThreadContext (1 IoCs)
  description                          pid   Process                                                                  procid_target
  PID 4924 set thread context of 5080  4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
Suspicious use of WriteProcessMemory (11 IoCs)
  description                        pid   Process                                                                  procid_target
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 4924 wrote to memory of 5080   4924  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  79
  PID 5080 wrote to memory of 2640   5080  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  72
  PID 5080 wrote to memory of 2640   5080  d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe  72
Processes
  C:\Windows\Explorer.EXE
    Command line: C:\Windows\Explorer.EXE
    PID: 2640

    C:\Users\Admin\AppData\Local\Temp\d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe"
      PID: 4924
      - Suspicious use of SetThreadContext
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

      C:\Users\Admin\AppData\Local\Temp\d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\d8affffa895ba6a1c637423716246306df8304a7265d8a6598e14408928d6a5e.exe"
        PID: 5080
        - Suspicious use of WriteProcessMemory