26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 14:20

Target

26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe
Size

1.1MB
MD5

8261224d3c0c8ba254c9ec872683aea0
SHA1

46d9292d68f8a824cbdabd849730e1ba77db9d0a
SHA256

26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222
SHA512

d0cf3f9630dc74a1449a765918bb0f9e1456a6686174fd3b8209a70954222ce967a287a16960d39a7951027827485f7f9f249507181972edc8b7c4b57de99206
SSDEEP

12288:RD3g1pennnnnCsBwGOHBvblq0ib9efT5AB+K10Ojb1uiABW+kH+bl4OEIAzInvTt:jBwFBzFAB+i/bk7kXHw+qBOaqjxKrGq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4132 set thread context of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83
PID 4132 wrote to memory of 1372	4132	26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe	83

C:\Users\Admin\AppData\Local\Temp\26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe
"C:\Users\Admin\AppData\Local\Temp\26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Users\Admin\AppData\Local\Temp\26374f898a5e08b8ef40937159ab9804010a4385e053efdb584621a461e1d222.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1372

memory/1372-132-0x0000000000000000-mapping.dmp

Download
memory/1372-133-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/1372-134-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/1372-135-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/1372-136-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/1372-137-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download