0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab

Analysis

max time kernel
204s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2022, 02:06

Target

0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
Size

1.2MB
MD5

c5a730b4ae64dea30a41f2425b39d201
SHA1

72a6c98fad8cb1050c99c9fcb9245725d26fa7e0
SHA256

0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab
SHA512

03f0026da79475c9deab0ccb3afe662f1eacc0115434119d29a5500857338bc95f6543b8dccfc298403bbe70dc35eb97f0550cb00923fd484c706632f23877e1
SSDEEP

24576:JXIe1k135jsYx0ySMIAA/9I+8jhIFqpmMcZIKxKfD:JXfyFBIAupqpm1asS

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3172 set thread context of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4796	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
4796	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
4796	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
4796	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
4796	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82
PID 3172 wrote to memory of 4796	3172	0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe	82

C:\Users\Admin\AppData\Local\Temp\0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
"C:\Users\Admin\AppData\Local\Temp\0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Users\Admin\AppData\Local\Temp\0921f62d59d3d65ad318bdceea633c472379ff374ab929c412be0473427cebab.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4796

memory/4796-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-134-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-135-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-136-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4796-137-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download