d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028

Analysis

max time kernel
36s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 01:55

Target

d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe
Size

180KB
MD5

f9a3f036d214c89cfde62bea502297bd
SHA1

cbaa46fff3d62f8d96115c734e155ba56a59c603
SHA256

d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028
SHA512

0ee1f18fae31aa377cfc8803c48971b17b25ace7329aa3a5de85b518e07f7063f9d65a511808cb4b86207a296bb1e397969ddfe6f6085ac9c97d012d139cbd11
SSDEEP

3072:9/EhouHz9xRY2gwy8EVt1+p8y2bj8BD+FI+BrLkuK6alV:GhHhbY2Ur+QbjK+ZfK6alV

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1728 set thread context of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28
PID 1728 wrote to memory of 768	1728	d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe	28

C:\Users\Admin\AppData\Local\Temp\d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe
"C:\Users\Admin\AppData\Local\Temp\d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe
  C:\Users\Admin\AppData\Local\Temp\d003b5e3e6f8fed5bf0e03fea4b148d736073c99b0843b227eed154dac633028.exe
  2⤵
  PID:768

memory/768-67-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-58-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-60-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-68-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download
memory/768-69-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/768-70-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1728-64-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1728-65-0x0000000000220000-0x0000000000224000-memory.dmp

Filesize
16KB

Download
memory/1728-66-0x00000000002F0000-0x0000000000329000-memory.dmp

Filesize
228KB

Download
memory/1728-54-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download