ee48174864ae0ef8c1e2da6b91b17c2f1df32195f69173adcc3013bf97c76ad5

Analysis

max time kernel
1566s
max time network
1571s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 16:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
Size

267KB
MD5

54b101c34309faa7dd58dd249b1c8103
SHA1

c46268590157f04fbecf35db3c7b5a854fbc1536
SHA256

cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d
SHA512

44d9291407177c429da7e0d5c8ffd7eb1040c1b666d951329edb1ad3c98d68bee62fa73c0374c296374362793c2f9334ff16ee0e040b7b99b11bdc283b2885e1
SSDEEP

3072:4vDNI+KjNTjuO8zYkS6P+pmjVItNz/jO71r06JvJiPn29D+55HSk99XJcTphigTe:023jNWspjNHSk7uXCRzl5R/ca

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

description	pid	process	target process
PID 2112 set thread context of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.execad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

pid	process
2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
2116	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
2116	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

description	pid	process	target process
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
PID 2112 wrote to memory of 2116	2112	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe	cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe

C:\Users\Admin\AppData\Local\Temp\cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
"C:\Users\Admin\AppData\Local\Temp\cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
"C:\Users\Admin\AppData\Local\Temp\cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2116

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2116-3-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2116-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2116-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads