6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d

Analysis

max time kernel
157s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2022 11:49

Target

6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe
Size

1.3MB
MD5

3ea296c660f10b917adfdd11ae50befd
SHA1

742a0ff07b566e7b6809e80cafb5035c01593ab2
SHA256

6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d
SHA512

d2757aa19635e54d328a56122877a2e49b5564171079b6f575abc4d182f77171ffee33f85d474035951422b970f696647fadde5860919864ba7facd7b3b85baa
SSDEEP

24576:rrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:rrKo4ZwCOnYjVmJPa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3180 set thread context of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83
PID 3180 wrote to memory of 4080	3180	6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe	83

C:\Users\Admin\AppData\Local\Temp\6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe
"C:\Users\Admin\AppData\Local\Temp\6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Users\Admin\AppData\Local\Temp\6338e4362f65d5cc6c5c7529467a2f3a4474143399e43fc792dd5a639999f09d.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4080

memory/4080-132-0x0000000000000000-mapping.dmp

Download
memory/4080-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4080-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4080-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4080-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/4080-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download