d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:13

Target

d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe
Size

297KB
MD5

600bf93cf2c8a30711067f36c9e9b0f4
SHA1

b839117877455666a293b6e8b8fe04d8b7ee71e0
SHA256

d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172
SHA512

de68bb45b0dcee9f26c1d4e79e4023d88e98f97d40ac227c79e1324f9b011457f9e7ebf40d15e0d5035b19a52e063392b687e57310252abe42a043ca92d464cc
SSDEEP

6144:1/DO0EeyH5D09vSSVk4duDKILfBWrwjPanSXeDh:BNk5DMS/IuKafBWrEPanqeDh

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4092 set thread context of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe
4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81
PID 4092 wrote to memory of 1868	4092	d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe	81

C:\Users\Admin\AppData\Local\Temp\d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe
"C:\Users\Admin\AppData\Local\Temp\d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4092
- C:\Users\Admin\AppData\Local\Temp\d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe
  C:\Users\Admin\AppData\Local\Temp\d7e693e826cb766e78393be68bc677a2d8245538dab4fe906501b6f73eb09172.exe
  2⤵
  PID:1868

memory/1868-133-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1868-136-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4092-135-0x00000000023A0000-0x00000000023A4000-memory.dmp

Filesize
16KB

Download