fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461

Analysis

max time kernel
159s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 08:01

Target

fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe
Size

1.3MB
MD5

247b506cb662d43e673a4347071e0ce6
SHA1

3c9bbf6377d28cab3e6e36a86ee9e7704846171a
SHA256

fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461
SHA512

fc9c5b62cfd31deec6629832a85e73b40a1f48cb3b82f02f29053fca83cc93f9f807e53ed12ba34f24956c71d29db8c3bc7963746d2b67d2d2e71ca694f30c68
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakj:zrKo4ZwCOnYjVmJPag

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1212 set thread context of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82
PID 1212 wrote to memory of 3724	1212	fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe	82

C:\Users\Admin\AppData\Local\Temp\fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe
"C:\Users\Admin\AppData\Local\Temp\fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Users\Admin\AppData\Local\Temp\fee3f7252398f8dc07350f0f9eb0c06904e3e9860b500c948be55f348618d461.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3724

memory/3724-133-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3724-134-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3724-135-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3724-136-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3724-137-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/3724-138-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download