15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6

Analysis

max time kernel
140s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 18:07

Target

15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
Size

1.5MB
MD5

f096821a1dea42bc2ee4744fdba3b42d
SHA1

d20c496d6329d938ff659d340a6f3653bac85941
SHA256

15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6
SHA512

94eb70e5921d44c93378e694c22fc2e5a21b4a62ed69b5a335217e74eae86dd7dec2ca816567580c7c7c9e0d4c42bc1ca394bead84f801a5339fc40eb4966d91
SSDEEP

24576:S5IM/V0deM5lZ2ykPYMkrQ1OrWaRyv2PBcSL+L5/+FMoQl/ugQWiBdrfO+a+0:YIBfvMkrNrf0u3qdaNLgQWiO+U

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2516 set thread context of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
844	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
844	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
844	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
844	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
844	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82
PID 2516 wrote to memory of 844	2516	15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe	82

C:\Users\Admin\AppData\Local\Temp\15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
"C:\Users\Admin\AppData\Local\Temp\15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\15f7839369f4600a51cdb9f3c9ca7f65cf219e77b4e4ae4b338d2fded5d180a6.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:844

memory/844-133-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/844-134-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/844-135-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/844-136-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download
memory/844-137-0x0000000000400000-0x00000000004E8000-memory.dmp

Filesize
928KB

Download