0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 14:07

Target

0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe
Size

136KB
MD5

91bcb670f64cdd256f275b92821b0748
SHA1

ee4f670504553ec7df1d1e7672fd996299363068
SHA256

0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3
SHA512

0b47386c5ccadc8cdabafd81bc2973d596b2cae233791a25742d7535748009c7b1651f1f7ce463a139594a9b722ffc30cd79ecd11ed0927fc1d77f03795837f9
SSDEEP

3072:U6qwVpfUvVYTUvM0mHAnR7AJYBc92bB/t4J:UgUvfOU7/t4J

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe
1784	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28
PID 2028 wrote to memory of 1784	2028	0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe	28

C:\Users\Admin\AppData\Local\Temp\0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe
"C:\Users\Admin\AppData\Local\Temp\0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe
  C:\Users\Admin\AppData\Local\Temp\0486c9effca42d2365b042a2b0292ca4b85a9d1557913c93c18506a931e58bf3.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1784

memory/1784-56-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/1784-57-0x0000000000401584-mapping.dmp

Download
memory/1784-61-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download