d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71

Analysis

max time kernel
92s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 03:45

Target

d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
Size

559KB
MD5

4bb1dcd39b08132e970fd8bda9443dd0
SHA1

73f12649f1bb035fdd9f7995febd3640c33b6be6
SHA256

d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71
SHA512

4b87b99c79917cc9371a48e8fb72c8a1faf0a47f0d375fabd0054206503a6450d77e27070196d6d0ed9d27a92e9b55962bcac6a8d9c73e8f31ebd35536c2dc19
SSDEEP

12288:FeXWvkP4Y4o+N69iHXszcVCH77SQp5ea9h1ZodPM1LDSaIjh:OWvHY4oK3szcVCYLM1LDSzjh

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4988 set thread context of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe
4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4988 wrote to memory of 4932	4988	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	82
PID 4932 wrote to memory of 2864	4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	54
PID 4932 wrote to memory of 2864	4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	54
PID 4932 wrote to memory of 2864	4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	54
PID 4932 wrote to memory of 2864	4932	d9f399d24f99dc2daea49413cc3e9cd7a5f366e215ca6755a5f1363c48ed4a71.exe	54

memory/2864-140-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4932-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4932-139-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4932-141-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4988-132-0x0000000000400000-0x00000000005AE000-memory.dmp

Filesize
1.7MB

Download
memory/4988-138-0x0000000000400000-0x00000000005AE000-memory.dmp

Filesize
1.7MB

Download