356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae

Analysis

max time kernel
88s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 21:58

Target

356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe
Size

308KB
MD5

32b810b6c262783d5b4d98c57006687a
SHA1

ccaa7a7ef7eb5303dab27581e7bc2691a82d7033
SHA256

356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae
SHA512

07b99a1f4039dc98da0ca9dedc88fd5ae0be66a7db769719d44e362de3e08f0ac4b78c2d548be0770e7bcda9d78de1dc152707d00f45f49a1a8a826594edf5f6
SSDEEP

3072:8KhN/HlIlsb0Vtz5Oph+x9gzkHHvFZOCCKOlQDRMrJgO+LuHVyJmcRv:8KHKOODy+puwz

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3476 set thread context of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84
PID 3476 wrote to memory of 4212	3476	356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe	84

C:\Users\Admin\AppData\Local\Temp\356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe
"C:\Users\Admin\AppData\Local\Temp\356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Users\Admin\AppData\Local\Temp\356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe
  C:\Users\Admin\AppData\Local\Temp\356df42c2989a1fc2dd856425b2bc85f61209cda423852793caaa5ea77e9a9ae.exe
  2⤵
  PID:4212

memory/4212-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4212-137-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4212-138-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4212-139-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download