a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6

General

Target

a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
Size

180KB
MD5

ea8060c6c0166b43da8e3afb51a57b2b
SHA1

93451c220673bae207f5d161f80cd9cc8c93553c
SHA256

a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6
SHA512

7d3e8dbeef7004932fb4d1b4a5ad8c7c25dace8703959c9bccae16eb98f8c388e351b88954a08a6ed2188ae973f95c452df1376df7de57f3587258378b7a7c87
SSDEEP

3072:vxIZuTGFda0fXIy5nqJ/O2B/fSeuQ16VENnFgdNaFqlicExE7:vxIZuSFda0PIung2GPuOHHgaFqlicEx0

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1480 set thread context of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\PCGWIN32.LI5	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\{CE1E4D9A-06508847-5674EB7C-C113EAA0}	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{CE1E4D9A-06508847-5674EB7C-C113EAA0}\ = dbe1edc74a96f68be37a302a1fc3ca9d4548dc7d352bdfa249e29c1408319b2c4d39186c0d3804155c7089e503e3aafd426b0bfa02d24afac56a83bb1d5274cb519d08775c1eb5b7dfdeb6c9e027de4ec8f962ef0dd9d833f7621ed5373fae1619cf0c9905305359f28b9add0c0b3902e83d5d28f47f1fd6c93e87e9714758eef3c65ad075729093894a7ba4d27e74976d0e44f9efe8b9be17d63ece1718beb3c25acf4b861da1b4902231bd672b0edaa7f4c19eacc9dae0f4c3a225bc40aae9e4c343b52ad0fcbaeaaa3a3a2b13fa8a6dbab86c2f05a6a081dd57378e2e78d92b8b2242520afbddadb77b1eaab77a2e2ba7fa3e2b97fd3eabd77d3194948d4c1859b3f06d6e4407d11e77b75eee49d9e4c8b23e2a573d8e2887b99e2fb726ee1f67b6911ebbc955d80c71d9d08b095d983431e110abce45464cd139cb683d3e28299da0f7cadefa892a8465e0fc08d761ce3c5956b77fa1565731ce6846a14ffb6695cfcf19260cafc7065e3f081627404eb727e12ea4b9ccd0e4f79211cc78c5efb019def4c85dc4c84c981b8c8a249a238c8af8c26f340613e0fae4ac1c387757ee7ee797fe0e69e7fc01d7b00e64194db0d82b72c55bdf0a09bb1812cf8b467a9f6b3625d08c800446afbf796950e0c13e67973e0117008e27a7be5e28f7236e3a47935e3dc91423c31a720ba53a3055e63c901574b09dd388ca46e3d1150f70e6e9711f9cf64a6125d00c8e7bb8aa2e1d07b44ebbcc6116ef3463fc289b6bf3c7a46ce39d83122fed4dcc5868b5c33826cd86515ab1b52607fda2fdca174d4ca894bb012a985a334ba21a330daa7845ed83e41501cc733a1aed8d13bb8ead981b744a2f23e665809034369fa149a3a45d41b4c09fbe49a8b83ca8171cbe8be8bd265701bee0a95d63c88ad984f05c18c9891c9b8b757d2c289bdd32f4e513dc4d7504af4f99a64b01e2db6cf565630cda7bcc2d1a184bb1da978d01675c5e4bf79aa10b37225edb494a00dd29c800e77a4e95f9f3936a451d20f7abd1fa072a1e05f7dc2e48e605702cd1a5f7a0e1439325bde097ecf1861cf14adce5f5ff13e9b29f948972bb1bd5f270e52d6ce798218c2484a1dc27882ea5e7fc1e55f6b39095b2bf92a932a755913cf3975df188af7b19d2744d611b6cca19da347450938f4239cbd462c1342ce344edcf87d92ecfa7596ec886c04ec6a75e2ec9c7db21f5e0af60b90dd7f83eeba98547d32ec527132e8a4743de42b7121e8d76db1fcdb627908eb2b924145f4136609faec938bb2d2d8438fe2f16a60f2ec6197f34d693800d6ef84797fe4128acfb86525e3cf7296e7899eb34c5d08fbae66aaea5d843f0cae6226eedd9988bb362e51a6f8d06c7e1f128e3274dc1b83b6f2ab9a553cffae6ac8fa7f9de2b8842c6e380caf73ba155eff0f9dcef34395f94f67fef56e60e61a7f401dff436e0508cfbe7eda1e7a781c1e7abeebab9eba885c4d302f58be3254dc0989f4fb6e69fbe36969ff0b66e50878b7e7da8143e3fd716f1bf9be932df95897cdb94324c54a7013e5017b1bed7a9817833105acb4dbd18144abd9b14cdbd8454f04d1ee4491224f59353baca52c4fdfe6b16624f6399cacfba1954747ddfd409433cb217640e3d47d4fe0d28e72161e0a494303093a9452340c29502bc9b6872f9a41760fefd57abfe9a29cd9c8709911c3bc8527cb597a04169d41f31b6e31085b1935ff5b62c215ac8cd3ea79771719490830f750690f1749be30d0298f2325295850363cad23c3bd7ed319b948dbea75621f19c6f4a0605efcfe639aed4d8b1ca98c2f67a5ead0998d8b5cfa066f71f5ec988235a02b5fb602a92057cefeb199d3474a36f0de6041031096400f367a21e5c778b6e45592c8b072541c090143af1ab2f65c63c4ed6270e2ed959880fa36692110d4847414eb327250efc19d6b04e18c731d118cf715998cc31c698e0b17c5bd5b2cf5cf9352f1ca60b41baabd445fee0e8828265b4039eaac8c47b3e5269759f1c89766351d20842037b5a52f5f3ac2519300c1fe4762ed1d90f74e6e16eecf9c5afac86faf12c979b810d2bd842cbb302e2350aef0559c0c8b224559f4c091a2075d5200c13277ae1d54bf0e2e31a62b5dd5fb73691defbc86d26447f1f16b67edfa9f6c3d1ba4015fb73956a4f5b06f2d152b38b653d2c94a7bceea8e724eebd26978f817907905e0d49e47c22eb859abf4c299b588db5479cbe4968e0e1731b52b24d5ce43520ef29f9d82f8c261b9f72c95de048c9dfa076f8611240bdfd6b1702fed428329d13b4822f34061ff136686104ecc1e7f30ea53900acafc6469061fecce938e0e9b71b9eb2c86b5a9d3377d2ae0d47dbceb54763218ac09dbe7717ae4e5879376c1eb8371251fdc02becfa1a6d33e49add32c82d63d8bd776bdeda378c9e8709fe3c9617b0bedad672fe93a8b2ba9dea881b9d8ab41ba30aaafc8354c28f75399f9049b0846a639ba5b27f13968a71bdab6b05fa306c91bbc32d2dd8188f0fa646afd1060f7e0617d14e4f47067e2fd7667ef157138e32b9ed6b87a27e541633b1e51be3ca153a3095d38c0225d22cb4855ccc8bfb65d2f004284dffb896ad8144b0321fed49e7205149c844de2fb67911a8801c0df5d890cf894684ff0da9b8a36e1d6748de59888804c37d5a688c014447afbe06e8e19b1332ca64226395028c7527a06ee686ae8ef8662d3f7b962a0f7da6a84ffeb9a82b1e0277dd6e77671ede37496e58387569205c1b4b32c26a4ae35d9d4877a36e0299e3883d46d49f4c492500ecc6841e0cc965989c76f5a16c7f5b160d31a4200ca7b93e57e87e86d75e31b7149ec3097a63d36ac225f33c2d57988e4c1979b0d46a4205731c2a7783dee289d520cc3f6716a1b18fd3b9b5ab1fe576731f92b6bbe052d034bcd3d6fdf197d8ce4986c0eec1a6c8ff5da9c89f3b09ed0467edfe47e82ec6c740eedb47f5ced3984d481879b1d0ef7ac62b911ab4b3d2ea441c3d0be8c2fbb21263050dc3a41520f0f9612fa8c67e3e2997fc8129571c3e89a93c24d6c3bec2a8aae4e44fd04632a193a48a7043e51503b0d22a73bba22d03b89212728b631d8288d20275b3205583b09a6b4aa5e37f45965c0175d41ccd7587ac21e47c5e55778c6e27d9de4b0862db950db3b81597404e1506738fa239e294750c50c54503c0a285b3106a40224bd31a8535702c696703cea2b9d4280e07670eee990630ff27292ea0666dff78e92823593234ed6138501579ff976931fc2016c1817f6fd626b0c099d20c0205439002b1931cc53583d0e5b8fc2e9567c37e3d695484c10dd418f1c994bf832982a4d23c32a96323e2a2b33212ab422543b0522033b5222f23a6b21e12b705210cfc45d480b0cee946fc3f14d68301750090bf79e9d4e773d115bffce9e8245e81b7186e0f860600a1e9f303ddc28b45a5ec83863d40945b4c326593acf2bbeb55e2cc1424b1f36f52a6cb61fa9713417588e01b940a30c557bf0e2978406d9318820d9d78f4ad9edbb68d10fb7beaaaa5dbbc72eaaa645a2dcba485cea0a7f31e6a76a4519e70b6d3ae759850ceb3a6ddcfb4c6e2301a578d8e07871e7e37d79e8108abdb05ca1c7db5d4dffd	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{CE1E4D9A-06508847-5674EB7C-C113EAA0}\ = 6d7a7e654a96f68be37a302a1fc3ca9d4548dc7d352bdfa249e29c1408319b2c4d39186c0d3804155c7089e503e3aafd426b0bfa02d24afac56a83bb1d5274cb519d08775c1eb5b7dfdeb6c9e027de4ec8f962ef0dd9d833f7621ed5373fae1619cf0c9905305359f28b9add0c0b3902e83d5d28f47f1fd6c93e87e9714758eef3c65ad075729093894a7ba4d27e74976d0e44f9efe8b9be17d63ece1718beb3c25acf4b861da1b4902231bd672b0edaa7f4c19eacc9dae0f4c3a225bc40aae9e4c343b52ad0fcbaeaaa3a3a2b13fa8a6dbab86c2f05a6a081dd57378e2e78d92b8b2242520afbddadb77b1eaab77a2e2ba7fa3e2b97fd3eabd77d3194948d4c1859b3f06d6e4407d11e77b75eee49d9e4c8b23e2a573d8e2887b99e2fb726ee1f67b6911ebbc955d80c71d9d08b095d983431e110abce45464cd139cb683d3e28299da0f7cadefa892a8465e0fc08d761ce3c5956b77fa1565731ce6846a14ffb6695cfcf19260cafc7065e3f081627404eb727e12ea4b9ccd0e4f79211cc78c5efb019def4c85dc4c84c981b8c8a249a238c8af8c26f340613e0fae4ac1c387757ee7ee797fe0e69e7fc01d7b00e64194db0d82b72c55bdf0a09bb1812cf8b467a9f6b3625d08c800446afbf796950e0c13e67973e0117008e27a7be5e28f7236e3a47935e3dc91423c31a720ba53a3055e63c901574b09dd388ca46e3d1150f70e6e9711f9cf64a6125d00c8e7bb8aa2e1d07b43e2ecc6116ef3463fc289b6bf3c7a46ce39d83122fed4dcc5868b5c33826cd86515ab1b52607fda2fdca174d4ca894bb012a985a334ba21a330daa7845ed83e41501cc733a1aed8d13bb8ead981b744a2f23e665809034369fa149a3a45d41b4c09fbe49a8b83ca8171cbe8be8bd265701bee0a95d63c88ad984f05c18c9891c9b8b757d2c289bdd32f4e513dc4d7504af4f99a64b01e2db6cf565630cda7bcc2d1a184bb1da978d01675c5e4bf79aa10b37225edb494a00dd29c800e77a4e95f9f3936a451d20f7abd1fa072a1e05f7dc2e48e605702cd1a5f7a0e1439325bde097ecf1861cf14adce5f5ff13e9b29f948972bb1bd5f270e52d6ce798218c2484a1dc27882ea5e7fc1e55f6b39095b2bf92a932a755913cf3975df188af7b19d2744d611b6cca19da347450938f4239cbd462c1342ce344edcf87d92ecfa7596ec886c04ec6a75e2ec9c7db21f5e0af60b90dd7f83eeba98547d32ec527132e8a4743de42b7121e8d76db1fcdb627908eb2b924145f4136609faec938bb2d2d8438fe2f16a60f2ec6197f34d693800d6ef84797fe4128acfb86525e3cf7296e7899eb34c5d08fbae66aaea5d843f0cae6226eedd9988bb362e51a6f8d06c7e1f128e3274dc1b83b6f2ab9a553cffae6ac8fa7f9de2b8842c6e380caf73ba155eff0f9dcef34395f94f67fef56e60e61a7f401dff436e0508cfbe7eda1e7a781c1e7abeebab9eba885c4d302f58be3254dc0989f4fb6e69fbe36969ff0b66e50878b7e7da8143e3fd716f1bf9be932df95897cdb94324c54a7013e5017b1bed7a9817833105acb4dbd18144abd9b14cdbd8454f04d1ee4491224f59353baca52c4fdfe6b16624f6399cacfba1954747ddfd409433cb217640e3d47d4fe0d28e72161e0a494303093a9452340c29502bc9b6872f9a41760fefd57abfe9a29cd9c8709911c3bc8527cb597a04169d41f31b6e31085b1935ff5b62c215ac8cd3ea79771719490830f750690f1749be30d0298f2325295850363cad23c3bd7ed319b948dbea75621f19c6f4a0605efcfe639aed4d8b1ca98c2f67a5ead0998d8b5cfa066f71f5ec988235a02b5fb602a92057cefeb199d3474a36f0de6041031096400f367a21e5c778b6e45592c8b072541c090143af1ab2f65c63c4ed6270e2ed959880fa36692110d4847414eb327250efc19d6b04e18c731d118cf715998cc31c698e0b17c5bd5b2cf5cf9352f1ca60b41baabd445fee0e8828265b4039eaac8c47b3e5269759f1c89766351d20842037b5a52f5f3ac2519300c1fe4762ed1d90f74e6e16eecf9c5afac86faf12c979b810d2bd842cbb302e2350aef0559c0c8b224559f4c091a2075d5200c13277ae1d54bf0e2e31a62b5dd5fb73691defbc86d26447f1f16b67edfa9f6c3d1ba4015fb73956a4f5b06f2d152b38b653d2c94a7bceea8e724eebd26978f817907905e0d49e47c22eb859abf4c299b588db5479cbe4968e0e1731b52b24d5ce43520ef29f9d82f8c261b9f72c95de048c9dfa076f8611240bdfd6b1702fed428329d13b4822f34061ff136686104ecc1e7f30ea53900acafc6469061fecce938e0e9b71b9eb2c86b5a9d3377d2ae0d47dbceb54763218ac09dbe7717ae4e5879376c1eb8371251fdc02becfa1a6d33e49add32c82d63d8bd776bdeda378c9e8709fe3c9617b0bedad672fe93a8b2ba9dea881b9d8ab41ba30aaafc8354c28f75399f9049b0846a639ba5b27f13968a71bdab6b05fa306c91bbc32d2dd8188f0fa646afd1060f7e0617d14e4f47067e2fd7667ef157138e32b9ed6b87a27e541633b1e51be3ca153a3095d38c0225d22cb4855ccc8bfb65d2f004284dffb896ad8144b0321fed49e7205149c844de2fb67911a8801c0df5d890cf894684ff0da9b8a36e1d6748de59888804c37d5a688c014447afbe06e8e19b1332ca64226395028c7527a06ee686ae8ef8662d3f7b962a0f7da6a84ffeb9a82b1e0277dd6e77671ede37496e58387569205c1b4b32c26a4ae35d9d4877a36e0299e3883d46d49f4c492500ecc6841e0cc965989c76f5a16c7f5b160d31a4200ca7b93e57e87e86d75e31b7149ec3097a63d36ac225f33c2d57988e4c1979b0d46a4205731c2a7783dee289d520cc3f6716a1b18fd3b9b5ab1fe576731f92b6bbe052d034bcd3d6fdf197d8ce4986c0eec1a6c8ff5da9c89f3b09ed0467edfe47e82ec6c740eedb47f5ced3984d481879b1d0ef7ac62b911ab4b3d2ea441c3d0be8c2fbb21263050dc3a41520f0f9612fa8c67e3e2997fc8129571c3e89a93c24d6c3bec2a8aae4e44fd04632a193a48a7043e51503b0d22a73bba22d03b89212728b631d8288d20275b3205583b09a6b4aa5e37f45965c0175d41ccd7587ac21e47c5e55778c6e27d9de4b0862db950db3b81597404e1506738fa239e294750c50c54503c0a285b3106a40224bd31a8535702c696703cea2b9d4280e07670eee990630ff27292ea0666dff78e92823593234ed6138501579ff976931fc2016c1817f6fd626b0c099d20c0205439002b1931cc53583d0e5b8fc2e9567c37e3d695484c10dd418f1c994bf832982a4d23c32a96323e2a2b33212ab422543b0522033b5222f23a6b21e12b705210cfc45d480b0cee946fc3f14d68301750090bf79e9d4e773d115bffce9e8245e81b7186e0f860600a1e9f303ddc28b45a5ec83863d40945b4c326593acf2bbeb55e2cc1424b1f36f52a6cb61fa9713417588e01b940a30c557bf0e2978406d9318820d9d78f4ad9edbb68d10fb7beaaaa5dbbc72eaaa645a2dcba485cea0a7f31e6a76a4519e70b6d3ae759850ceb3a6ddcfb4c6e2301a578d8e07871e7e37d79e8108abdb05ca1c7db5d4dffd	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\{CE1E4D9A-06508847-5674EB7C-C113EAA0}\ = 7a214d8e4a96f68be37a302a1fc3ca9d4548dc7d352bdfa249e29c1408319b2c4d39186c0d3804155c7089e503e3aafd426b0bfa02d24afac56a83bb1d5274cb519d08775c1eb5b7dfdeb6c9e027de4ec8f962ef0dd9d833f7621ed5373fae1619cf0c9905305359f28b9add0c0b3902e83d5d28f47f1fd6c93e87e9714758eef3c65ad075729093894a7ba4d27e74976d0e44f9efe8b9be17d63ece1718beb3c55acf4b861da1b4902231bd672b0edaa7f4c19eacc9dae0f4c3a225bc40aae9e4c343b52ad0fcbaeaaa3a3a2b13fa8a6dbab86c2f05a6a081dd57378e2e78d92b8b2242520afbddadb77b1eaab77a2e2ba7fa3e2b97fd3eabd77d3194948d4c1859b3f06d6e4407d11e77b75eee49d9e4c8b23e2a573d8e2887b99e2fb726ee1f67b6911ebbc955d80c71d9d08b095d983431e110abce45464cd139cb683d3e28299da0f7cadefa892a8465e0fc08d761ce3c5956b77fa1565731ce6846a14ffb6695cfcf19260cafc7065e3f081627404eb727e12ea4b9ccd0e4f79211cc78c5efb019def4c85dc4c84c981b8c8a249a238c8af8c26f340613e0fae4ac1c387757ee7ee797fe0e69e7fc01d7b00e64194db0d82b72c55bdf0a09bb1812cf8b467a9f6b3625d08c800446afbf796950e0c13e67973e0117008e27a7be5e28f7236e3a47935e3dc91423c31a720ba53a3055e63c901574b09dd388ca46e3d1150f70e6e9711f9cf64a6125d00c8e7bb8aa2e1d07b4dedbcd6116ef3463fc289b6bf3c7a46ce39d83122fed4dcc5868b5c33826cd86515ab1b52607fda2fdca174d4ca894bb012a985a334ba21a330daa7845ed83e41501cc733a1aed8d13bb8ead981b744a2f23e665809034369fa149a3a45d41b4c09fbe49a8b83ca8171cbe8be8bd265701bee0a95d63c88ad984f05c18c9891c9b8b757d2c289bdd32f4e513dc4d7504af4f99a64b01e2db6cf565630cda7bcc2d1a184bb1da978d01675c5e4bf79aa10b37225edb494a00dd29c800e77a4e95f9f3936a451d20f7abd1fa072a1e05f7dc2e48e605702cd1a5f7a0e1439325bde097ecf1861cf14adce5f5ff13e9b29f948972bb1bd5f270e52d6ce798218c2484a1dc27882ea5e7fc1e55f6b39095b2bf92a932a755913cf3975df188af7b19d2744d611b6cca19da347450938f4239cbd462c1342ce344edcf87d92ecfa7596ec886c04ec6a75e2ec9c7db21f5e0af60b90dd7f83eeba98547d32ec527132e8a4743de42b7121e8d76db1fcdb627908eb2b924145f4136609faec938bb2d2d8438fe2f16a60f2ec6197f34d693800d6ef84797fe4128acfb86525e3cf7296e7899eb34c5d08fbae66aaea5d843f0cae6226eedd9988bb362e51a6f8d06c7e1f128e3274dc1b83b6f2ab9a553cffae6ac8fa7f9de2b8842c6e380caf73ba155eff0f9dcef34395f94f67fef56e60e61a7f401dff436e0508cfbe7eda1e7a781c1e7abeebab9eba885c4d302f58be3254dc0989f4fb6e69fbe36969ff0b66e50878b7e7da8143e3fd716f1bf9be932df95897cdb94324c54a7013e5017b1bed7a9817833105acb4dbd18144abd9b14cdbd8454f04d1ee4491224f59353baca52c4fdfe6b16624f6399cacfba1954747ddfd409433cb217640e3d47d4fe0d28e72161e0a494303093a9452340c29502bc9b6872f9a41760fefd57abfe9a29cd9c8709911c3bc8527cb597a04169d41f31b6e31085b1935ff5b62c215ac8cd3ea79771719490830f750690f1749be30d0298f2325295850363cad23c3bd7ed319b948dbea75621f19c6f4a0605efcfe639aed4d8b1ca98c2f67a5ead0998d8b5cfa066f71f5ec988235a02b5fb602a92057cefeb199d3474a36f0de6041031096400f367a21e5c778b6e45592c8b072541c090143af1ab2f65c63c4ed6270e2ed959880fa36692110d4847414eb327250efc19d6b04e18c731d118cf715998cc31c698e0b17c5bd5b2cf5cf9352f1ca60b41baabd445fee0e8828265b4039eaac8c47b3e5269759f1c89766351d20842037b5a52f5f3ac2519300c1fe4762ed1d90f74e6e16eecf9c5afac86faf12c979b810d2bd842cbb302e2350aef0559c0c8b224559f4c091a2075d5200c13277ae1d54bf0e2e31a62b5dd5fb73691defbc86d26447f1f16b67edfa9f6c3d1ba4015fb73956a4f5b06f2d152b38b653d2c94a7bceea8e724eebd26978f817907905e0d49e47c22eb859abf4c299b588db5479cbe4968e0e1731b52b24d5ce43520ef29f9d82f8c261b9f72c95de048c9dfa076f8611240bdfd6b1702fed428329d13b4822f34061ff136686104ecc1e7f30ea53900acafc6469061fecce938e0e9b71b9eb2c86b5a9d3377d2ae0d47dbceb54763218ac09dbe7717ae4e5879376c1eb8371251fdc02becfa1a6d33e49add32c82d63d8bd776bdeda378c9e8709fe3c9617b0bedad672fe93a8b2ba9dea881b9d8ab41ba30aaafc8354c28f75399f9049b0846a639ba5b27f13968a71bdab6b05fa306c91bbc32d2dd8188f0fa646afd1060f7e0617d14e4f47067e2fd7667ef157138e32b9ed6b87a27e541633b1e51be3ca153a3095d38c0225d22cb4855ccc8bfb65d2f004284dffb896ad8144b0321fed49e7205149c844de2fb67911a8801c0df5d890cf894684ff0da9b8a36e1d6748de59888804c37d5a688c014447afbe06e8e19b1332ca64226395028c7527a06ee686ae8ef8662d3f7b962a0f7da6a84ffeb9a82b1e0277dd6e77671ede37496e58387569205c1b4b32c26a4ae35d9d4877a36e0299e3883d46d49f4c492500ecc6841e0cc965989c76f5a16c7f5b160d31a4200ca7b93e57e87e86d75e31b7149ec3097a63d36ac225f33c2d57988e4c1979b0d46a4205731c2a7783dee289d520cc3f6716a1b18fd3b9b5ab1fe576731f92b6bbe052d034bcd3d6fdf197d8ce4986c0eec1a6c8ff5da9c89f3b09ed0467edfe47e82ec6c740eedb47f5ced3984d481879b1d0ef7ac62b911ab4b3d2ea441c3d0be8c2fbb21263050dc3a41520f0f9612fa8c67e3e2997fc8129571c3e89a93c24d6c3bec2a8aae4e44fd04632a193a48a7043e51503b0d22a73bba22d03b89212728b631d8288d20275b3205583b09a6b4aa5e37f45965c0175d41ccd7587ac21e47c5e55778c6e27d9de4b0862db950db3b81597404e1506738fa239e294750c50c54503c0a285b3106a40224bd31a8535702c696703cea2b9d4280e07670eee990630ff27292ea0666dff78e92823593234ed6138501579ff976931fc2016c1817f6fd626b0c099d20c0205439002b1931cc53583d0e5b8fc2e9567c37e3d695484c10dd418f1c994bf832982a4d23c32a96323e2a2b33212ab422543b0522033b5222f23a6b21e12b705210cfc45d480b0cee946fc3f14d68301750090bf79e9d4e773d115bffce9e8245e81b7186e0f860600a1e9f303ddc28b45a5ec83863d40945b4c326593acf2bbeb55e2cc1424b1f36f52a6cb61fa9713417588e01b940a30c557bf0e2978406d9318820d9d78f4ad9edbb68d10fb7beaaaa5dbbc72eaaa645a2dcba485cea0a7f31e6a76a4519e70b6d3ae759850ceb3a6ddcfb4c6e2301a578d8e07871e7e37d79e8108abdb05ca1c7db5d4dffd	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1480 wrote to memory of 1712	1480	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	28
PID 1712 wrote to memory of 1212	1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	14
PID 1712 wrote to memory of 1212	1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	14
PID 1712 wrote to memory of 1212	1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	14
PID 1712 wrote to memory of 1212	1712	a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe	14

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212
- C:\Users\Admin\AppData\Local\Temp\a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
  "C:\Users\Admin\AppData\Local\Temp\a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1480
- - C:\Users\Admin\AppData\Local\Temp\a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
    C:\Users\Admin\AppData\Local\Temp\a0e0171c9633f10b8a2557f97a38e4d88dab78a8eb491327db1f5ffe336f1ca6.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-67-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1480-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1480-56-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1480-64-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1712-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1712-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1712-62-0x0000000000407D82-mapping.dmp

Download
memory/1712-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1712-65-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1712-70-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1712-71-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing