dbbbda6dcdc4c947cf0e0fd3cd348f902849e0ea8610a19d1701d1363b822d34 | Triage

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 02:01

Sharing

Report Analysis Logs

General

Target

c4b048d331af9b78e66cd6bd66e2e08e.exe
Size

172KB
MD5

c4b048d331af9b78e66cd6bd66e2e08e
SHA1

3020a70a933655db763046e528fc6f84d42b6686
SHA256

dbbbda6dcdc4c947cf0e0fd3cd348f902849e0ea8610a19d1701d1363b822d34
SHA512

7268953f7d37654ce488b8495211015ef9d4cc7ab3fc0581636082fd26a3bd119dd73ceb1c966564b9caec95ca871c4787cd5a3e7ba927d6c0f08bcc04a4916c
SSDEEP

768:UoKLX2IR298tiYYGrNGzzLMOF2v2451u+h:UiI7NGXLMOYv2d+h

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1228	c4b048d331af9b78e66cd6bd66e2e08e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 3724	1228	c4b048d331af9b78e66cd6bd66e2e08e.exe	88
PID 1228 wrote to memory of 3724	1228	c4b048d331af9b78e66cd6bd66e2e08e.exe	88
PID 1228 wrote to memory of 3724	1228	c4b048d331af9b78e66cd6bd66e2e08e.exe	88
PID 1228 wrote to memory of 3724	1228	c4b048d331af9b78e66cd6bd66e2e08e.exe	88

C:\Users\Admin\AppData\Local\Temp\c4b048d331af9b78e66cd6bd66e2e08e.exe
"C:\Users\Admin\AppData\Local\Temp\c4b048d331af9b78e66cd6bd66e2e08e.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Users\Admin\AppData\Local\Temp\c4b048d331af9b78e66cd6bd66e2e08e.exe
  C:\Users\Admin\AppData\Local\Temp\c4b048d331af9b78e66cd6bd66e2e08e.exe
  2⤵
  PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads