35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 07:24

Target

35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe
Size

168KB
MD5

7fe72c20ebb3e29377cca885b5218853
SHA1

adf77820ebde4dc23a5cd70dd4ae996d3c957db3
SHA256

35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32
SHA512

c2cca560a6c405309a5db3d95bda982546002e4d8ac25c10aaae49d3b63924ed1dd165dfa17fb9a5aae82afd5218a4f88c38557ef806b624e229201363011d69
SSDEEP

3072:bEUP0Fx0k4MWJjFalEadPFO0c6p86cdOA+tCk3A:UCk

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 608 set thread context of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28
PID 608 wrote to memory of 2008	608	35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe	28

C:\Users\Admin\AppData\Local\Temp\35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe
"C:\Users\Admin\AppData\Local\Temp\35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:608
- C:\Users\Admin\AppData\Local\Temp\35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe
  "C:\Users\Admin\AppData\Local\Temp\35c341137c1adabb92c866bed8cc61ef35b3f6d1cc4d81e137995f07e8528d32.exe"
  2⤵
  PID:2008

memory/2008-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2008-59-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/2008-60-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/2008-61-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download