a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 06:55

Target

a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe
Size

180KB
MD5

6c37e1d3e875af0eabcdb767f48cc48d
SHA1

8acd3e8c3af77277d0f7fb89951694e71cb9641a
SHA256

a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283
SHA512

8986d23da7598ebc0c0f7d4b9f2337d3a32533e38a18c31f6592f0e0faca36dbe76bc86d4ea5ef4c8e46b9f73035df5118009eb72466a8b26bd83c2da4d7370e
SSDEEP

3072:XpRRW09CNyA5yePbkSj/foSJoa0XuJo5siGo:XvwHb5XNyawuno

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2128 set thread context of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe
1588	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82
PID 2128 wrote to memory of 1588	2128	a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe	82

C:\Users\Admin\AppData\Local\Temp\a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe
"C:\Users\Admin\AppData\Local\Temp\a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe
  C:\Users\Admin\AppData\Local\Temp\a31560c95c054fc322a2f787fb72cc501bcfc8a8f2ad5548a91522f7117e2283.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1588

memory/1588-138-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-140-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-141-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-142-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-143-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-144-0x0000000000431000-0x0000000000433000-memory.dmp

Filesize
8KB

Download
memory/1588-147-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/1588-148-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/1588-145-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/1588-149-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-146-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/1588-150-0x0000000000430000-0x0000000000431000-memory.dmp

Filesize
4KB

Download
memory/1588-153-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/1588-154-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download