196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780

Analysis

max time kernel
95s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 22:10

Target

196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe
Size

72KB
MD5

4d66e7cb3c91074cf8c4a914ea7fe762
SHA1

07e4fb1e4ec0c5d794e605a6e1b0b2c782f21c46
SHA256

196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780
SHA512

70a231a0a23868529c7768ea1fefbd470589f253f09870c2911ecc118937313bf606ec0bb29fd2c54a92ad171a370d6a468c6cf3dae6c59b867e94722c075819
SSDEEP

768:NXxOS44sR2L2Xd24dW/kM2LE+pCDnin2Phc/H/Njw33YSnPLS+znJRfmCYH:5P7LRKwP2wxDnTPhc/fJw3HjjzLuCG

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1636 set thread context of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80
PID 1636 wrote to memory of 2544	1636	196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe	80

C:\Users\Admin\AppData\Local\Temp\196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe
"C:\Users\Admin\AppData\Local\Temp\196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Users\Admin\AppData\Local\Temp\196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe
  C:\Users\Admin\AppData\Local\Temp\196e2ff7db344f0be7fa11e32216ce4ffb6e2bdb5b9723c14c98eaaf88271780.exe
  2⤵
  PID:2544

memory/2544-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2544-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2544-138-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2544-139-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download