4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 13:10

Target

4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe
Size

316KB
MD5

0da9ae469bc85d6cc30a055e616f0bab
SHA1

863b21923df0d6aac1d3cf8eddb513ad3596a31b
SHA256

4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713
SHA512

41cbaf138a1ac70ed13ef471ff1280e05a39b1b77d6473f924a1be5198c424f84eab136040376a4d5597b6e368ad27f3364b742dc4a5927ed34ef2d63417c45b
SSDEEP

6144:VoomlZDd0+MhoMnX+GGjGGtGGxGgG0GyGUGjGG3GGoGGQGhGGsGG4GGEGGgGGTG1:VAFMuMnXPl7qAkyEK7lrS2+o

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1348 set thread context of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27
PID 1348 wrote to memory of 1864	1348	4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe	27

C:\Users\Admin\AppData\Local\Temp\4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe
"C:\Users\Admin\AppData\Local\Temp\4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Users\Admin\AppData\Local\Temp\4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe
  "C:\Users\Admin\AppData\Local\Temp\4efc7fb28aa60be5b4a9f0cc2d56fb89ac2f20ba6edd29e715e75a8ae16a2713.exe"
  2⤵
  PID:1864

memory/1348-64-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/1864-56-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1864-57-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1864-59-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1864-60-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1864-62-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/1864-65-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1864-66-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download