480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc

Analysis

max time kernel
201s
max time network
251s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 22:11

Target

480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
Size

1.3MB
MD5

388199502eb426f9c9e4b40b1533cc65
SHA1

3e28e7a628f1b8c8f4a09675774706d1936c7dc9
SHA256

480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc
SHA512

8aa4097af5a68375ad5cf33bd7a6eae17b363e55fdabf9d7bf8bc7a02d5a7c39ec6eaaaf3129fe96786805ae70713cdfc49df8fc08af11ed804e011f14ef8b04
SSDEEP

24576:4OiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9:Ri1DWLFP53UGe76x0ZUphdt

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1688 set thread context of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4852	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
4852	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
4852	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
4852	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
4852	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81
PID 1688 wrote to memory of 4852	1688	480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe	81

C:\Users\Admin\AppData\Local\Temp\480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
"C:\Users\Admin\AppData\Local\Temp\480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\480f1b483a1d3634daa3d5e6c4d41f962994b0dd529bab41e61b8801bd6d7fcc.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4852

memory/4852-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4852-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4852-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4852-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4852-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4852-138-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download