ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24

Analysis

max time kernel
42s
max time network
62s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 12:06

Target

ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe
Size

205KB
MD5

136e1a75e4ceb874e13ca0b941a2e743
SHA1

7e19eb53aff5cc7c15be32540f21d27e87127c41
SHA256

ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24
SHA512

a066b7f0216e69e79224858f64804c06e6dddbbdf10f9430266646aba4e537c0f9896811a53b4e36b7a71e76096fa436345f5c697698e89a0da16fe2fcc150d4
SSDEEP

3072:VBt06yohsa6XLnxQ5h480DqBRhVh8njm9VCEGKH+YOMp7Ld7Gkcm/:Vhb9SC2DqBRhVh8njm9VCwH+ep7Ld7Gu

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1596 set thread context of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28
PID 1596 wrote to memory of 972	1596	ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe	28

C:\Users\Admin\AppData\Local\Temp\ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe
"C:\Users\Admin\AppData\Local\Temp\ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Users\Admin\AppData\Local\Temp\ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe
  C:\Users\Admin\AppData\Local\Temp\ddfbd4d00fbcc692696475a699ef6f152b40869f5a5289af6e44b460c58a0b24.exe
  2⤵
  PID:972

memory/972-57-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/972-59-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/972-58-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/972-60-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/972-63-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/972-65-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/1596-54-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download