a26a1ffb81a61281ffa55cb7778cc3fb0ff981704de49f75f51f18b283fba7a2 | Triage

Analysis

max time kernel
103s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
06/06/2023, 12:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

conHost.exe
Size

847KB
MD5

17a7131db3e37157c6d3c09a0bae95d3
SHA1

edd3f649f5f0556d2edc8b19265adb6b93465721
SHA256

a26a1ffb81a61281ffa55cb7778cc3fb0ff981704de49f75f51f18b283fba7a2
SHA512

cb225a3cea0b8e00b6c6ebc91366cc5fe47264660b097073127ec6a61fe026b72421982b8f7f536815cfd3b592162c39580b649b19b0cb971c04fe2fd3005d7b
SSDEEP

12288:CEA9haaJkvmZOxGVG7/55aJhDXAfZGzq1OtURAOQJIkR:zA9harvSOxV7xMD2Mq1O8AjJIU

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3536	conHost.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4720	3536	conHost.exe	86
PID 3536 wrote to memory of 4720	3536	conHost.exe	86

C:\Users\Admin\AppData\Local\Temp\conHost.exe
"C:\Users\Admin\AppData\Local\Temp\conHost.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe
  2⤵
  PID:4720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads