ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca

Analysis

max time kernel
232s
max time network
337s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 17:30

Target

ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe
Size

217KB
MD5

8d1f3b81eb35c5aba7eb3fa3972bb571
SHA1

8963486e323826a389df27de5ef50c7df573e2f7
SHA256

ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca
SHA512

8c0856e58b2c532dc660d089fce8d85588796fa6a0c3f5dcfc4b468fdc5ea1f6805eec1a4476034e37d983a7a3d7284e6f6ae6fca06a059fe5fe28fca36c0bcd
SSDEEP

3072:md1fOZVUe92h0YK7DG+zdy3+P+kdMMKw4iPl7Wimf357RomDgWqI:Ii0tfJRomDcI

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 468 set thread context of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe
1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 468 wrote to memory of 1104	468	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	28
PID 1104 wrote to memory of 1248	1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	16
PID 1104 wrote to memory of 1248	1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	16
PID 1104 wrote to memory of 1248	1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	16
PID 1104 wrote to memory of 1248	1104	ccf103f47a649613b7dc6bfca34be3c686e113ecb231c244edc27a93325558ca.exe	16

memory/468-54-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/468-60-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1104-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1104-61-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1104-62-0x0000000075E81000-0x0000000075E83000-memory.dmp

Filesize
8KB

Download
memory/1104-66-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1248-63-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download