6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50

Analysis

max time kernel
126s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22/11/2022, 11:21

Target

6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe
Size

1.3MB
MD5

2f9fb19f0652eb48e7274af033c1b036
SHA1

d78da406cacd980b8edd93f37ee0dc0eb757c0c7
SHA256

6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50
SHA512

7d90cd8db6cc4c8fbe2b75dd4dd84a2b4232b3fd4bedcf1d74b2bfd60b8ad14311cca1284563acc3611d81b62583788e11e085ed75b42563b8f913fe05d10e78
SSDEEP

24576:4OiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9:Ri1DWLFP53UGe76x0ZUphdt

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1496 set thread context of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84
PID 1496 wrote to memory of 4796	1496	6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe	84

C:\Users\Admin\AppData\Local\Temp\6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe
"C:\Users\Admin\AppData\Local\Temp\6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Users\Admin\AppData\Local\Temp\6b5d98067c4b8a1c3b7370f48055b604a31fb5d00449ab1c4157d8db27112f50.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4796

memory/4796-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-138-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download