ed6632751afc66e80808643b3b56bd39e00f2c38ca1ec7b83f8032f8f00e158f | Triage

Analysis

max time kernel
138s
max time network
142s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
18-04-2023 16:51

Sharing

Report Analysis Logs

General

Target

hookloader.exe
Size

38KB
MD5

5e4f6450674e8e6fd031855ea62096b3
SHA1

4dc6fdfc6e6280e565ad38055a7716a23dbf2e68
SHA256

5da71f32fb2df4e0fc78d253351db2a4f0a367d2b80ce7c2522ddb7d94c1a42b
SHA512

c5a5e6bb05f03fe1272c5817d0f660863a5d08ca551e1e6d0407f4112efdc9157d3adea3d24d75d38df09499170569de0908f80a1b93e231643a86cb53dbd608
SSDEEP

768:epxNrvHp5YAxq3M7TAq/yhHtEzN5Kc0UIN9oAlkyLTGg:UtvHXW6zHh9ooAlky

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 4968	2896	hookloader.exe	67
PID 2896 wrote to memory of 4968	2896	hookloader.exe	67

C:\Users\Admin\AppData\Local\Temp\hookloader.exe
"C:\Users\Admin\AppData\Local\Temp\hookloader.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:4968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads