e6eb763bdb7f5f6c418dcaad3efa6f52f9a8a1160e1eb1fca9229b5adc656d25 | Triage

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:11

Sharing

Report Analysis Logs

General

Target

36f6768b0d410125fe4f8f3a5a310696.exe
Size

20KB
MD5

36f6768b0d410125fe4f8f3a5a310696
SHA1

43fc9cd0d178807f7dce9b6765f14734a89fb8d7
SHA256

e6eb763bdb7f5f6c418dcaad3efa6f52f9a8a1160e1eb1fca9229b5adc656d25
SHA512

ed689eef2319df90a0dbad62955b0a0a5ca222750d5bb0c89100a3ad838c900d7c7eab6ed09f3b79badefde0798bbae054708b4fafbe7b3d72c19af6d0a912e8
SSDEEP

192:+DtaoLyNiyPl3VadnDqA223t8niksSXUUt2mII:g9QanWAbtAiDSXUUtJII

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4600	36f6768b0d410125fe4f8f3a5a310696.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4600 wrote to memory of 2680	4600	36f6768b0d410125fe4f8f3a5a310696.exe	16
PID 4600 wrote to memory of 2680	4600	36f6768b0d410125fe4f8f3a5a310696.exe	16
PID 4600 wrote to memory of 2680	4600	36f6768b0d410125fe4f8f3a5a310696.exe	16

C:\Users\Admin\AppData\Local\Temp\36f6768b0d410125fe4f8f3a5a310696.exe
"C:\Users\Admin\AppData\Local\Temp\36f6768b0d410125fe4f8f3a5a310696.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4600
- C:\Windows\SysWOW64\cmd.exe
  cmd /C pause
  2⤵
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads