59fef4ba67b25f8290c920e30546e69ce37287c0b35a774bd7ed5bbc34fe420c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4594e8f1c6b886c0841d564bbe47c64e.exe
Size

235KB
MD5

4594e8f1c6b886c0841d564bbe47c64e
SHA1

bf5b5b121a53fe4bb468f3b94faa342b8aa9f12a
SHA256

59fef4ba67b25f8290c920e30546e69ce37287c0b35a774bd7ed5bbc34fe420c
SHA512

5fb1376e07e8426da3fb7e1da468b441a76a721d982186deb10323567be39f105923456dda370c602715dd77f7a17beb0a75210f0b80e949f5598ce94ba9faed
SSDEEP

6144:i9VMz6upp66XIIenVh05JSCvIbBTq/T6WmUJM5+kBW:iPMzxpJYHVyLmg/TVJxAW

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 400 set thread context of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 set thread context of 0	400	4594e8f1c6b886c0841d564bbe47c64e.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	4594e8f1c6b886c0841d564bbe47c64e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	4594e8f1c6b886c0841d564bbe47c64e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	4594e8f1c6b886c0841d564bbe47c64e.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
528	4594e8f1c6b886c0841d564bbe47c64e.exe
528	4594e8f1c6b886c0841d564bbe47c64e.exe
528	4594e8f1c6b886c0841d564bbe47c64e.exe
528	4594e8f1c6b886c0841d564bbe47c64e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
400	4594e8f1c6b886c0841d564bbe47c64e.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 528	400	4594e8f1c6b886c0841d564bbe47c64e.exe	20
PID 400 wrote to memory of 0	400	4594e8f1c6b886c0841d564bbe47c64e.exe
PID 400 wrote to memory of 0	400	4594e8f1c6b886c0841d564bbe47c64e.exe
PID 400 wrote to memory of 0	400	4594e8f1c6b886c0841d564bbe47c64e.exe
PID 400 wrote to memory of 0	400	4594e8f1c6b886c0841d564bbe47c64e.exe
PID 528 wrote to memory of 3528	528	4594e8f1c6b886c0841d564bbe47c64e.exe	47
PID 528 wrote to memory of 3528	528	4594e8f1c6b886c0841d564bbe47c64e.exe	47
PID 528 wrote to memory of 3528	528	4594e8f1c6b886c0841d564bbe47c64e.exe	47
PID 528 wrote to memory of 3528	528	4594e8f1c6b886c0841d564bbe47c64e.exe	47

C:\Users\Admin\AppData\Local\Temp\4594e8f1c6b886c0841d564bbe47c64e.exe
"C:\Users\Admin\AppData\Local\Temp\4594e8f1c6b886c0841d564bbe47c64e.exe"
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:400
- C:\Users\Admin\AppData\Local\Temp\4594e8f1c6b886c0841d564bbe47c64e.exe
  "C:\Users\Admin\AppData\Local\Temp\4594e8f1c6b886c0841d564bbe47c64e.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:528

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/400-11-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-9-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-24-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-29-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/400-32-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/400-21-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-38-0x0000000002C20000-0x0000000002C21000-memory.dmp

Filesize
4KB

Download
memory/400-40-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/400-42-0x0000000002860000-0x0000000002895000-memory.dmp

Filesize
212KB

Download
memory/400-1-0x0000000002860000-0x0000000002895000-memory.dmp

Filesize
212KB

Download
memory/400-43-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/400-2-0x0000000002A70000-0x0000000002A74000-memory.dmp

Filesize
16KB

Download
memory/400-41-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/400-39-0x0000000002C10000-0x0000000002C11000-memory.dmp

Filesize
4KB

Download
memory/400-37-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/400-36-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/400-22-0x0000000002100000-0x0000000002110000-memory.dmp

Filesize
64KB

Download
memory/400-3-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/400-30-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/400-28-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/400-27-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/400-26-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/400-20-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-4-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-34-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/400-19-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-18-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-17-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-16-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-15-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-14-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-13-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/400-12-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-0-0x0000000000400000-0x000000000047B000-memory.dmp

Filesize
492KB

Download
memory/400-23-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/400-8-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-7-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-6-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/400-5-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/528-46-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/528-31-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/528-45-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/528-44-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/528-35-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/528-53-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3528-47-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download