77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 15:24

Target

77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe
Size

127KB
MD5

6e8521f31dca0c0bb2b467479cab89d0
SHA1

cc01b6ef65146ef5b4852dc9c9323add7672a0cd
SHA256

77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634
SHA512

6225e768a0d502b42beef94ff6d3268815ce246b17675c79516315458c870776a30d2ea227a245d6fd452e5e3e822530ef9677646a7cb74969b281a5c684866d
SSDEEP

3072:GEveSJADJqygWHy0cAFmuDgJZtzF6dPX10yMlbr:Gseki8D6iamucZdFqX2hr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 620 set thread context of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27
PID 620 wrote to memory of 1188	620	77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe	27

C:\Users\Admin\AppData\Local\Temp\77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe
"C:\Users\Admin\AppData\Local\Temp\77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:620
- C:\Users\Admin\AppData\Local\Temp\77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe
  "C:\Users\Admin\AppData\Local\Temp\77725976700d93f689dc0ad7617707870282ed9d37130e218edcdb15d1c2f634.exe"
  2⤵
  PID:1188

memory/620-59-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1188-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1188-60-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1188-61-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1188-62-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download