bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc

Analysis

max time kernel
128s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 13:41

Target

bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe
Size

266KB
MD5

0965feb61ace66db671790023743c58b
SHA1

92df912d2c8bca3e720a45213ea8b126f836c925
SHA256

bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc
SHA512

7a04ce2903bf997fe8674a9ef58e74df03cb1fbe3d250cd8e25af8565c0e1a85a89bf3b3776e5bf8392b6b8958556dfd651f1ce017c9061f6a8ea3a99585779f
SSDEEP

6144:7pprn6Eb4TgkGNI8XIwFcEeFBSKfMNCBXYScCB1:7HjH4UIs7+DSYMNCBI5CB1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 628 set thread context of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe
2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe
2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe
2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 628 wrote to memory of 2384	628	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	82
PID 2384 wrote to memory of 2016	2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	57
PID 2384 wrote to memory of 2016	2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	57
PID 2384 wrote to memory of 2016	2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	57
PID 2384 wrote to memory of 2016	2384	bc8b3a06a727dd28d3a7b56d7cb505065a040cd0be1f1d2cb4fd8b9a9988dedc.exe	57

memory/628-132-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/628-134-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/628-139-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2016-141-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2384-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2384-140-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2384-142-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download