b5d9068aa14403640a2a2c97df9e96d128d017edb101d3febb2cb71bdac7dbf0 | Triage

Analysis

max time kernel
64s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 23:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

conhost.exe
Size

853KB
MD5

9430b20076a19e6ed9084530ddcc8caa
SHA1

86ea45d51c1d7aeebdaec5dd072464b414694e15
SHA256

b5d9068aa14403640a2a2c97df9e96d128d017edb101d3febb2cb71bdac7dbf0
SHA512

b8a740aac8d3f592dd0e25a52a7e18ea18ed1985144cd6b16e5c3eaf0ad7c74b630ed9ed735dd06b0f7b356fbdc4bc90b99f6a493c8b9b7d1ce59e503d1f0dae
SSDEEP

12288:sKKcdyxVG2r5qmqQb9wl/l4+rx+U/yKPX0II4tk44eFw:/zfGqpQBQ+UaaX0IIik4PFw

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4324	conhost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4324	conhost.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4324 wrote to memory of 4152	4324	conhost.exe	85
PID 4324 wrote to memory of 4152	4324	conhost.exe	85

C:\Users\Admin\AppData\Local\Temp\conhost.exe
"C:\Users\Admin\AppData\Local\Temp\conhost.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe
  2⤵
  PID:4152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads