fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60

Analysis

max time kernel
159s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2022 02:45

Target

fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
Size

1.3MB
MD5

2664d547dd8b08f211d00545fbb7d7b1
SHA1

4a7d68673025aa6e03f61fad4f3eeb45f9a419c0
SHA256

fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60
SHA512

a9e2817bca0374bea5567e5edb19ffa4c586a154794246aeedc2983c8969e8fee3580b35cdaf0673ab551dcd0dcf5ef678772aa09ea0b51776bd597ac89e33fb
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak7:zrKo4ZwCOnYjVmJPaE

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4988 set thread context of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2568	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
2568	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
2568	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
2568	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
2568	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82
PID 4988 wrote to memory of 2568	4988	fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe	82

C:\Users\Admin\AppData\Local\Temp\fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
"C:\Users\Admin\AppData\Local\Temp\fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Users\Admin\AppData\Local\Temp\fcd96a677de00b423c16be11cb4dd9578e74b781ca6b3435d199dda854bb1d60.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2568

memory/2568-132-0x0000000000000000-mapping.dmp

Download
memory/2568-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2568-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2568-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2568-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2568-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/2568-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download