86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019

Analysis

max time kernel
278s
max time network
360s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 12:54

Target

has been verified. However PDF, IMG, docx, .xls
Size

1.0MB
MD5

b18fd4de724718b8d1fa887d94731da4
SHA1

97377a93c7fe211badd89a8a3f6ac46e85ae1926
SHA256

86fdff90584064c135a98f05986da5a03bd67abe414f1d8f5fbdbf4249430019
SHA512

ec54ded9bb21cb3b653ae3835960306d4b809dd353a365c21ed932845b20b7b30f80fb1c6e039fbfa06cd828d6fb5a8e28be73293b940bada5d2a378d21622cf
SSDEEP

24576:Qr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXhmpr5XXXXXXXXXXXXUXXXXXXXSXXXXXL:kxuzt

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

EXCEL.EXE

pid process

3120 EXCEL.EXE

pid	process
3120	EXCEL.EXE

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\has been verified. However PDF, IMG, docx, .xls"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3120

memory/3120-132-0x00007FF960090000-0x00007FF9600A0000-memory.dmp

Filesize
64KB

Download
memory/3120-133-0x00007FF960090000-0x00007FF9600A0000-memory.dmp

Filesize
64KB

Download
memory/3120-134-0x00007FF960090000-0x00007FF9600A0000-memory.dmp

Filesize
64KB

Download
memory/3120-135-0x00007FF960090000-0x00007FF9600A0000-memory.dmp

Filesize
64KB

Download
memory/3120-136-0x00007FF960090000-0x00007FF9600A0000-memory.dmp

Filesize
64KB

Download
memory/3120-137-0x00007FF95DB80000-0x00007FF95DB90000-memory.dmp

Filesize
64KB

Download