7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 10:39

Target

7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe
Size

288KB
MD5

690bcec77a9fbbd1a68e28fbbc13cf35
SHA1

a7dcbbbe9dc65d7dc263adb2634fcd205df69093
SHA256

7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d
SHA512

caf86b659851f737452c53c81ca07a0b9b0660e8f663b7b32661146958a51909b0fcbf7545d5d61c89c85e44028201c9850029566d590a59842e69926b881715
SSDEEP

3072:7XkL0KzullXY1mNE9ynqO5biWT7X6XMiSPA4kJKxorLnCtQJR+rpeg4+pbqBwVnu:jkL0ZWAqO5bfvqciSoCcE5KEICu

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1672 set thread context of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe
2020	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27
PID 1672 wrote to memory of 2020	1672	7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe	27

C:\Users\Admin\AppData\Local\Temp\7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe
"C:\Users\Admin\AppData\Local\Temp\7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\7bfcfdb02264fb04af0559dd9950bf0dd9bbdd604fb8ec16b9f479651dda237d.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2020

memory/2020-56-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2020-57-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2020-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2020-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2020-65-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download