1eb27116f207a0701aec816404a6c5ede66550231b2b7bf84981d353cba35d9a | Triage

Analysis

max time kernel
261s
max time network
264s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/04/2023, 13:34

Sharing

Report Analysis Logs

General

Target

hookloader.exe
Size

14KB
MD5

2d81016e823c1f2983b70902d510e2cb
SHA1

c83763ce1f16bee1b4c63ff80a181dc1b40e0d27
SHA256

1eb27116f207a0701aec816404a6c5ede66550231b2b7bf84981d353cba35d9a
SHA512

8df567b6f153d0cc738c2da1c7caa6d906af5656455c6fc17e51b0d4f43d18e757ea2f74843bd3d7e0791e9ec488136ac01fa3c0aebec8b2eef4789a84f95491
SSDEEP

192:jd326f/bCoq+IeXCutfAkIUNzEa5UK4PiaAws681iW5tfqXU/H:x326f/Goq+IQjfLvNWKc7

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 1720	4356	hookloader.exe	84
PID 4356 wrote to memory of 1720	4356	hookloader.exe	84

C:\Users\Admin\AppData\Local\Temp\hookloader.exe
"C:\Users\Admin\AppData\Local\Temp\hookloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads