7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80

Analysis

max time kernel
108s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:48

Target

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
Size

768KB
MD5

176f027dec2780bf44b98fe823da2f7f
SHA1

322ffa91c2e3e595f2225cd22344f70f0863bb30
SHA256

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80
SHA512

5dcd64e7391cccc86f0583e156396076b46a5745274c00baeb1683b5f29676924709a85431e700dfa83ff49d83f3347e444793fcd8f1db96d12ed75170d5348b
SSDEEP

12288:JQhfzq4kq73ToS0K9mK9jC+K91fzq4kmILv:eT7C8m8jR8Riv

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

description	pid	process	target process
PID 2012 set thread context of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

pid process

2012 7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

pid	process
2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

description	pid	process	target process
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
PID 2012 wrote to memory of 3792	2012	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe	7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe

C:\Users\Admin\AppData\Local\Temp\7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe
"C:\Users\Admin\AppData\Local\Temp\7bba1b47bb05c98c8ce31921c3a142ca04c9bb7327ea22858576eb50275ecd80.exe"
2⤵
PID:3792

memory/2012-134-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2012-135-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/2012-138-0x0000000000400000-0x00000000004C7000-memory.dmp

Filesize
796KB

Download
memory/3792-136-0x0000000000000000-mapping.dmp

Download
memory/3792-137-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download