a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f

Analysis

max time kernel
188s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 05:31

Target

a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
Size

407KB
MD5

1ddb9ff7c16dde4ca378456f4aef6fcf
SHA1

4e08e81053a9b463a5fd8aead494acce56afe235
SHA256

a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f
SHA512

fdcdc7f7ea775adb996f011cfb71f8603af8715861a65cfcb9cf0f6cddc505d4fe6e760575208625099f27309f8a8c636daa2a6f3e750064d0a033b5e114284a
SSDEEP

6144:bvKud9DhiNsmtlZ2TYe4iPC02HUlm6BYGDix+:bo92TD4iPC1HUlm6BYG++

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

description	pid	process	target process
PID 828 set thread context of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

pid process

828 a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

pid	process
828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

description	pid	process	target process
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
PID 828 wrote to memory of 2040	828	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe	a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe

C:\Users\Admin\AppData\Local\Temp\a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe
"C:\Users\Admin\AppData\Local\Temp\a7a8234d424b063cfc1e78c4b537e329302bd6c83dbc47f49e97ec34124e909f.exe"
2⤵
PID:2040

memory/2040-134-0x0000000000000000-mapping.dmp

Download
memory/2040-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2040-137-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download