cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 13:45

Target

cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
Size

1.3MB
MD5

421f6795c84e2fc2d2499f8025bc61e0
SHA1

927258097708239268b703c28369cad1298c1104
SHA256

cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c
SHA512

8648103839bdb3416f5cdbf9ffa2dc96dadf84eae486f646a17b3216ba4a9ba0c691675d7459bdf1a6055a382c4753a70ad7ede056b1ef491f0585a75b31fe70
SSDEEP

24576:4OiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9A:Ri1DWLFP53UGe76x0ZUphdtf

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1104 set thread context of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2256	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
2256	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
2256	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
2256	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
2256	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81
PID 1104 wrote to memory of 2256	1104	cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe	81

C:\Users\Admin\AppData\Local\Temp\cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
"C:\Users\Admin\AppData\Local\Temp\cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Users\Admin\AppData\Local\Temp\cc4a7d35ce8c3074c3d656c1ced0aa36d4e7de4fb7579516aecfe9d0c59ec94c.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2256

memory/2256-132-0x0000000000000000-mapping.dmp

Download
memory/2256-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2256-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2256-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2256-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2256-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download