b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5

Analysis

max time kernel
90s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 07:00

Target

b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
Size

1.3MB
MD5

8a0c9b1197b39266532487c8a2ecca85
SHA1

1463e8d45a40ffaaaf2ae1c4ada35ce94d0a4235
SHA256

b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5
SHA512

79968d962726d7da242eee5a0771a9fd2cf3e154d6b8533f9e8874da72fba88ee52f89f59a98baa2cde7d900ee935a435512764920d7ed70bf598c7aba9dda98
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak8:zrKo4ZwCOnYjVmJPaj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4252 set thread context of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3608	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
3608	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
3608	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
3608	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
3608	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81
PID 4252 wrote to memory of 3608	4252	b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe	81

C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
"C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Users\Admin\AppData\Local\Temp\b5af272dcef7b10d1db8daffc5a12689db35e286b5a86958289b792b017753e5.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3608

memory/3608-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3608-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3608-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3608-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3608-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download