cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 05:28

Target

cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
Size

1.3MB
MD5

2206c71e67b4dd35028652da2cfb35d3
SHA1

0e9f0d71ed098150768a7fdee9490c6280d54632
SHA256

cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c
SHA512

2d1b8af15e19fd1cf258b14a924a29416b0eab6d0127e3c0a3efcd3f65a431cefbe78a8a5a5a1eba9e368dcfdee2e2901d075d049c75a24f81d5232c6716b9b7
SSDEEP

24576:JDASdSysJOcj0VQpWbl7s2LP0CXuiAayiWASALUgv2j6R6XEVeRs9HgVfgF:OSQtk2zQytkgis6yxS

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4480 set thread context of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1608	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
1608	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
1608	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
1608	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
1608	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85
PID 4480 wrote to memory of 1608	4480	cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe	85

C:\Users\Admin\AppData\Local\Temp\cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
"C:\Users\Admin\AppData\Local\Temp\cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Users\Admin\AppData\Local\Temp\cf941962fdff2b1ce2435da34dad7961d6a9fcd78b153f3c9f1c20e8a0fe444c.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1608

memory/1608-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1608-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1608-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1608-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1608-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1608-138-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download