d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3

Analysis

max time kernel
189s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 06:00

Target

d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe
Size

180KB
MD5

83dbc95f6ce5cfacf945ccdd95387f76
SHA1

45e041d4baf9bc1aea6f89e644ea8415549a91e4
SHA256

d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3
SHA512

c7742e06f2388364444bd26961d9bc508bf511171149d0432b09e40ed876ee817a25000f8cc8d0f6568e077c41c71b991b4b0363922fee4beb2b283690fa4bc4
SSDEEP

3072:G/GfTQHP8PvVkhh92zyWkhDejl62TIjWws7FGypgMr2KH6FRBEYwN1zpSTpDOx:f0v8Pdfzsej42Tk5fyeMmlEPjzQTpDY

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1060 set thread context of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81
PID 1060 wrote to memory of 4120	1060	d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe	81

C:\Users\Admin\AppData\Local\Temp\d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe
"C:\Users\Admin\AppData\Local\Temp\d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Users\Admin\AppData\Local\Temp\d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe
  "C:\Users\Admin\AppData\Local\Temp\d4d60c4cc4340d24e52f3e05883c7047b20e67286b61d743159dad13b988dcb3.exe"
  2⤵
  PID:4120

memory/4120-135-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4120-137-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download