9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406

Analysis

max time kernel
146s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 23:55

Target

9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe
Size

244KB
MD5

52b1c3588bdd08d019cf30f70b6a4695
SHA1

b261c2516ff688f11a31d21d79d4ac06b3030584
SHA256

9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406
SHA512

41039b611429faa7d7bf31328514ef5ff922f3533ec95538e29ff63769dfe5d1b583f88be19d6ac2350ca46eaa64be2775f06ab07aacd232d572ba939e4dbd85
SSDEEP

6144:4hak5s5nl0py1Q5WlnJY6HLXktK4mH8/4lYS+B9XHV:oan5nl0s5lJY6HAtKrHMfX1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3480 set thread context of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82
PID 3480 wrote to memory of 388	3480	9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe	82

C:\Users\Admin\AppData\Local\Temp\9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe
"C:\Users\Admin\AppData\Local\Temp\9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Users\Admin\AppData\Local\Temp\9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe
  "C:\Users\Admin\AppData\Local\Temp\9bcbd8d89ab21240606f5e62ae3889c298a1aef19cba05560bd3a739a0e72406.exe"
  2⤵
  PID:388

memory/388-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/388-137-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download