48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2

Analysis

max time kernel
127s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 15:57

Target

48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
Size

484KB
MD5

44c8476699cca2b34cd671ecbfde8b06
SHA1

1da2b14a1a9a17f43c0ef0040510dbbb4bb6c1dd
SHA256

48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2
SHA512

d7d815508ac182530feb3adbca491607b711c5537ec10f18a2c532db69dbd9c0e609bff45c1d2f8c13d235fc1a8996cde07fb789c7cf2bcaa8446d4c12f78cd7
SSDEEP

12288:kfr3J1K+8aNPWGqRI9sCZhywrGDyByJZJkWLHwc3rvv:kflNPeI9d9rGGByJDhd3rvv

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3156 set thread context of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
4408	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
4408	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82
PID 3156 wrote to memory of 4408	3156	48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe	82

C:\Users\Admin\AppData\Local\Temp\48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
"C:\Users\Admin\AppData\Local\Temp\48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Users\Admin\AppData\Local\Temp\48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
  C:\Users\Admin\AppData\Local\Temp\48da563008f538ea3ca8be6d5653b7952cd7fde53a3edcd3b9c99822e8d9feb2.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408

memory/3156-132-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/3156-137-0x0000000000630000-0x0000000000634000-memory.dmp

Filesize
16KB

Download
memory/3156-136-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/4408-134-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4408-135-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4408-138-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/4408-139-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download