35b6746d1aacaf96889be39a5ed765e1e6cceb5ac8f38b31ebea625653cf79a1

Analysis

max time kernel
123s
max time network
251s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 17:54

Target

2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
Size

148KB
MD5

6d114c7a21aab94456d8e8d4aef88362
SHA1

1229f292c46ffa1bde2db69227c4e98c2e46ae3a
SHA256

0b577f76b08c5267eb5f2f8596127a28a6eaf5ff2089cff6be0b689f31850124
SHA512

828b656d5eeb4e225af9bc76fad68fd51f5bc6a867450f200e005782231cfd762ceef3d2341aa9e2dcfca9db656637dda71ee6b93083664a36e15f02a0342e03
SSDEEP

3072:5fSj3q4+o/mYSpVygq2xW+rQDuZz4AYOr8Hkv:xSusZSXRY+rBF4AYOr8

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4688 set thread context of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe
4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 4688 wrote to memory of 1588	4688	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	80
PID 1588 wrote to memory of 3720	1588	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	81
PID 1588 wrote to memory of 3720	1588	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	81
PID 1588 wrote to memory of 3720	1588	2014_11vodafone_onlinerechnung_0020003909_november_3903980009_11_00000000445.exe	81

memory/1588-133-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1588-136-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/4688-135-0x0000000000C30000-0x0000000000C34000-memory.dmp

Filesize
16KB

Download