e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904

Analysis

max time kernel
195s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 20:43

Target

e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
Size

1.3MB
MD5

5a17cfa8947762972896e0d4db8d3d32
SHA1

ff1c01fc14cffbf1ce154e10e4dcd1b4717b68c6
SHA256

e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904
SHA512

d8180b983e0995b3a4f4d4c414778e27371f18a6fee94b444c6d4da24472d04d0524cb3793f5d7d469b282ea263bce66a7bf5874df5cc021b3733373a932ffe9
SSDEEP

24576:4OiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9:Ri1DWLFP53UGe76x0ZUphdt

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3084 set thread context of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3724	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
3724	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
3724	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
3724	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
3724	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84
PID 3084 wrote to memory of 3724	3084	e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe	84

C:\Users\Admin\AppData\Local\Temp\e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
"C:\Users\Admin\AppData\Local\Temp\e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Users\Admin\AppData\Local\Temp\e21b4109027ed2dfb66cbcfe44f5505bb84313e0fa5de3587dfe49d1e3401904.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3724

memory/3724-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3724-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3724-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3724-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3724-138-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/3724-139-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download