b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 10:11

Target

b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe
Size

892KB
MD5

7fd076052c68bf697907cfbaebb069ae
SHA1

b88afc6542f5439a401de7659e9a84bfa231903e
SHA256

b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667
SHA512

49bdbfe61c09087cd76e96aac134c291aa35e2ca974017acbe1a0cdbc4c6f8ff88ef7b7e2d3beebf2124c71b34030d8db637f7c01fcd82d7dd0488ae7739de0b
SSDEEP

6144:Sdceluelu9T1Q/pZ1RK89hbg4HoSQmG4R:c810Hk4Oti

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1764 set thread context of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28
PID 1764 wrote to memory of 1964	1764	b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe	28

C:\Users\Admin\AppData\Local\Temp\b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe
"C:\Users\Admin\AppData\Local\Temp\b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe
  "C:\Users\Admin\AppData\Local\Temp\b6b9ca3e5880b89e2fed9fb7d007ed020c0412688647a41541607378a6b24667.exe"
  2⤵
  PID:1964

memory/1764-59-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1964-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1964-57-0x0000000000407C89-mapping.dmp

Download
memory/1964-60-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1964-61-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1964-62-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download