c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 21:14

Target

c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
Size

1.4MB
MD5

58832fb952604ec2e21b106fe9f51131
SHA1

8a696080f1e5ecc08538fb0f8a2d3e92c2361561
SHA256

c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0
SHA512

417046674c4177ea25f00872739c9d310e29a7763138378731f1a740a3a3008e5f17c56ba27a8aa0928bbf35cff031cdec6207b5f55bb52303dee4c7e99b0b95
SSDEEP

24576:hrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8AH:hrBew72604doSw6ewo

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3028 set thread context of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2616	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
2616	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
2616	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
2616	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
2616	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84
PID 3028 wrote to memory of 2616	3028	c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe	84

C:\Users\Admin\AppData\Local\Temp\c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
"C:\Users\Admin\AppData\Local\Temp\c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\c9c704480acdff0c5a4ea9d925c2b549ff68e167076d886feeaa82b952439ec0.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2616

memory/2616-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2616-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2616-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2616-136-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/2616-137-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download