cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02

Analysis

max time kernel
192s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
Size

48KB
MD5

042f4e1b786d9d1ad669931207a12667
SHA1

8c13f881666ecd4fc1d805a1a83d84deeaa30bf1
SHA256

cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02
SHA512

5987c62e1dfbd30803572ff09bcdd6dc55b0fd03c2970b7cc7ecf4a1723751efc15d61d5c4ccbc67eae401ca6285afaa40a1a9a3493387b0acc1c5f8dd10bf1b
SSDEEP

384:6xP7z+14kQS1/Gof16+NMkcB+oGm+k0RgUv8QUbArHqSX8AQjkM7E0:AEQS793SthQnvtjf8Br

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 216 set thread context of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 216 wrote to memory of 1616	216	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	83
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76
PID 1616 wrote to memory of 740	1616	cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe	76

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:740
- C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
  "C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:216
- - C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
    C:\Users\Admin\AppData\Local\Temp\cdee4c3af1ecfce843d77acb40a947aab8bc25d7546f5b7df2ba0e5f82624d02.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1616-133-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1616-135-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1616-136-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download