148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9

Analysis

max time kernel
158s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2022 19:14

Target

148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
Size

1.3MB
MD5

1e0a531e46f507ede46313f3daba903e
SHA1

9c3dc5276ea49841bd3325e77020d4adcbe7fdaf
SHA256

148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9
SHA512

93bd11b0f091da7048f1df4c0236c79ded3081e15bb5b15ac4ee90d8fdffcbbb76b6dadfb8dfafd38e347bec68b50f88d5c6a6bea3ef1a7e11e1b4d454b48b57
SSDEEP

24576:DXO93poEu4pCkao1bNQfSyNGXTYGwwKCWiBe+I351KDsTXY8vZ6QeFl:DMZoANNbyNGjW8u5MsTXY8vfil

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4316 set thread context of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4180	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
4180	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
4180	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
4180	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
4180	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81
PID 4316 wrote to memory of 4180	4316	148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe	81

C:\Users\Admin\AppData\Local\Temp\148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
"C:\Users\Admin\AppData\Local\Temp\148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Users\Admin\AppData\Local\Temp\148f059d13d5dfdf0916cc9b9c499c808d398ab93b49397084360e71beba89a9.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4180

memory/4180-132-0x0000000000000000-mapping.dmp

Download
memory/4180-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4180-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4180-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4180-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4180-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download