8aed9cb28e0d964ce183de82cd1d58dc196e8cf1948690cc699a10ff1601cf01

Analysis

max time kernel
164s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 11:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e237cb9d07b5b1cdb4632d58f6872f0.exe
Size

228KB
MD5

4e237cb9d07b5b1cdb4632d58f6872f0
SHA1

b68706b2cf6869be1bf2c9f4b9a5c5eedea1076f
SHA256

8aed9cb28e0d964ce183de82cd1d58dc196e8cf1948690cc699a10ff1601cf01
SHA512

6c04fde7e4581cc57ffa891d3b4a3ebc3cbefd187f99d01a80fad8835cf425e3ce2b27625e1f690338414c0bff336213aebf27ab5f1d1eca90b71522df5aba43
SSDEEP

6144:UQ/0K9vMUYmySsXpLl3f2qeeCNrL/UlfWCMxdGHg8BU2cc75Sq:UQ8bSsP+qtsrL/UlRMrOSq

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4768 set thread context of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe
2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe
2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe
2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 4768 wrote to memory of 2528	4768	4e237cb9d07b5b1cdb4632d58f6872f0.exe	89
PID 2528 wrote to memory of 3440	2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe	47
PID 2528 wrote to memory of 3440	2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe	47
PID 2528 wrote to memory of 3440	2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe	47
PID 2528 wrote to memory of 3440	2528	4e237cb9d07b5b1cdb4632d58f6872f0.exe	47

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3440
- C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
  "C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4768
- - C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
    C:\Users\Admin\AppData\Local\Temp\4e237cb9d07b5b1cdb4632d58f6872f0.exe
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2528-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2528-30-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2528-29-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/2528-22-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2528-19-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2528-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2528-15-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/3440-25-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/3440-24-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4768-11-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4768-20-0x00000000774F0000-0x00000000775E0000-memory.dmp

Filesize
960KB

Download
memory/4768-9-0x00000000777C3000-0x00000000777C4000-memory.dmp

Filesize
4KB

Download
memory/4768-10-0x0000000002580000-0x0000000002590000-memory.dmp

Filesize
64KB

Download
memory/4768-8-0x00000000777D3000-0x00000000777D4000-memory.dmp

Filesize
4KB

Download
memory/4768-7-0x00000000774F0000-0x00000000775E0000-memory.dmp

Filesize
960KB

Download
memory/4768-18-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4768-1-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4768-21-0x00000000021F0000-0x0000000002229000-memory.dmp

Filesize
228KB

Download
memory/4768-6-0x00000000777D2000-0x00000000777D3000-memory.dmp

Filesize
4KB

Download
memory/4768-5-0x0000000002340000-0x0000000002350000-memory.dmp

Filesize
64KB

Download
memory/4768-4-0x0000000002510000-0x0000000002520000-memory.dmp

Filesize
64KB

Download
memory/4768-2-0x00000000006E0000-0x00000000006E4000-memory.dmp

Filesize
16KB

Download
memory/4768-3-0x00000000021F0000-0x0000000002229000-memory.dmp

Filesize
228KB

Download