90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 20:12

Target

90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe
Size

1.0MB
MD5

56e2419970ec09f9027a33925f9ace6c
SHA1

3ffe815d84ad5482f22f12fc944e13d97a3beac1
SHA256

90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7
SHA512

2c44e1450ec16fd1d4905d738b0ecf9588cfbe7b7e7edbd97277b56563a5b686b453f74da62001e2bb45161234a7b60ec02c032d68ec41104aa5a7b68503e56c
SSDEEP

24576:oJ0FPl0XoDnqgEdhlaCT3xXGHRXjEuuMjM4jm6dVriAUli8WXHXlpX:oWFPaXGalaCTt8XjwoGji8g

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 680 set thread context of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85
PID 680 wrote to memory of 4660	680	90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe	85

C:\Users\Admin\AppData\Local\Temp\90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe
"C:\Users\Admin\AppData\Local\Temp\90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:680
- C:\Users\Admin\AppData\Local\Temp\90439c0b9a2c3a542570975e8483e82bc11b1861f95dc1f21a3c908fcd8461b7.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4660

memory/4660-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4660-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4660-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4660-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4660-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download