a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66

Analysis

max time kernel
180s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 01:17

Target

a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
Size

1.2MB
MD5

afc7e1a5ff05cff8a81e22d1cb6727e3
SHA1

1b1c75d61fa8a0c02b6b3e02973ead37488d296f
SHA256

a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66
SHA512

77af2166c6c6cc4bd94c825269ccff1c2b59828debc3ffe3230f8532bf984951d9a86ffccf3f23ce4e09662848fc48f24420b94a3fbed3f313a4595ee5ccf48e
SSDEEP

24576:mpEdL1+miBQxprjUQftJLpV1VnaLcpI4Ig+JxMY:EEqmvxD3pRaLcZIg+P

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1456 set thread context of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
364	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
364	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
364	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
364	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
364	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81
PID 1456 wrote to memory of 364	1456	a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe	81

C:\Users\Admin\AppData\Local\Temp\a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
"C:\Users\Admin\AppData\Local\Temp\a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Users\Admin\AppData\Local\Temp\a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe
  "C:\Users\Admin\AppData\Local\Temp\a76847bf7abd121c1bce23a668207f96e176b00ab183e6c1c3a708788a5b6d66.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:364

memory/364-133-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/364-134-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/364-135-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/364-136-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/364-137-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/364-138-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download