091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009

Analysis

max time kernel
149s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 08:09

Target

091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe
Size

428KB
MD5

a3408eb6c6522b9170fc7c5d980106b0
SHA1

cf4ff1b7626bea1e0ec643c8e11f6966ed50408d
SHA256

091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009
SHA512

a8f9475be7c47c4de5d7ba758f4ceb2073dbcf800e63ad743bd1127e53102a1a63b0502f6e29ebcb63869a4cdda94b9d57acac3397f36d1ee842be1d98db8e81
SSDEEP

12288:4c//////XwcR7Aaf5n9lK9uqto7h5u4Nd3QtegW:4c//////XPPf59lK9uqtCO4N5gG

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5020 set thread context of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82
PID 5020 wrote to memory of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82
PID 5020 wrote to memory of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82
PID 5020 wrote to memory of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82
PID 5020 wrote to memory of 1688	5020	091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe	82

C:\Users\Admin\AppData\Local\Temp\091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe
"C:\Users\Admin\AppData\Local\Temp\091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Users\Admin\AppData\Local\Temp\091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe
  C:\Users\Admin\AppData\Local\Temp\091dc50b2815e3df18b72269946965463b34951246104cdf23a1ab043e178009.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1688

memory/1688-133-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/1688-135-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/1688-136-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/1688-137-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download