50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-12-2022 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe
Size

16KB
MD5

afb7e2fc9f2d3d7f456f5b36ad62ffd0
SHA1

a0fad432648d672286e900af79a5c0bd1c555cf1
SHA256

50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4
SHA512

6dac722c57fe9deb163f542369e0e9ca57c0d838bb95bfbb2dfddd038f12cbcf0e0ecbbaa179cb209fb2d5f72848a21c8032404711383ef75d6c76ff15fe4c10
SSDEEP

48:7rD0dSH9To84B0pOvwbFVlyGKlT6bO0vhn4VkuJCWUbrpp8/F/VXwAEhK2:HD0cHy84BWOobFVkG66OtUbrpePEo2

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1420	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	28
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1040	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	29
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1492	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	30
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31
PID 1504 wrote to memory of 1520	1504	50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe	31

C:\Users\Admin\AppData\Local\Temp\50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe
"C:\Users\Admin\AppData\Local\Temp\50fd4034f9619e861a77565991b89c3e01b90fa6f450661856fe4d0bf84f2df4.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32 /s C:\Windows\system32\DTools.dll
  2⤵
  PID:1420
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32 /s C:\Windows\system32\CyControlFuntions.dll
  2⤵
  PID:1040
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32 /s C:\Windows\system32\HDSXGpsDOReport.dll
  2⤵
  PID:1492
- C:\Windows\SysWOW64\Regsvr32.exe
  Regsvr32 /s C:\Windows\system32\MsHDUserManagerPort.dll
  2⤵
  PID:1520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-57-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1504-64-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads