c43cf46192da061dd6169e55aac4d2d08a6c33c039a7dac0d88aa897661cbc87 | Triage

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 10:16

Sharing

Report Analysis Logs

General

Target

conhost.exe
Size

847KB
MD5

7417006ac4f38dbe0efd36647c3ebae4
SHA1

4c7e2524a6d7cd99be807b7bfa544517cfd594d4
SHA256

c43cf46192da061dd6169e55aac4d2d08a6c33c039a7dac0d88aa897661cbc87
SHA512

eab3ed2a86b8f1e7126c18b18be5af8917aac3831a3ad60d9f529bd3dd658e1f75d99df2784e7a857c1db7023f4e5bdd489565de9ca99ab7f613f1a0e2d85eaf
SSDEEP

12288:Q+YOjiKiYObiKaoHY0VXb6DVaivm5z6guM77d8Y4ndUtO9FDbWt:Q+bWQsiho4mctguS76Yi9FHK

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3608	conhost.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 1984	3608	conhost.exe	89
PID 3608 wrote to memory of 1984	3608	conhost.exe	89

C:\Users\Admin\AppData\Local\Temp\conhost.exe
"C:\Users\Admin\AppData\Local\Temp\conhost.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe
  2⤵
  PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads