93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766

Analysis

max time kernel
147s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 17:22

Target

93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe
Size

136KB
MD5

c6c6753904511fd723126fd5b3b0ae6f
SHA1

2b4e47f0658b1ed5c962fbea095da177f2025416
SHA256

93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766
SHA512

f7bbcee7078ce43303fde1996b7214cfcefb31f6ba2305f25f282464784b98ab78d99a8f1aaef1fb68455fa6b58145cbd66ed57272061991d696a6d38e7cd09d
SSDEEP

3072:7AA0JymyIyTLYzv0GYoY4WGWmWGWmWGNVYCs:cA4y

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4344 set thread context of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe
8	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84
PID 4344 wrote to memory of 8	4344	93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe	84

C:\Users\Admin\AppData\Local\Temp\93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe
"C:\Users\Admin\AppData\Local\Temp\93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Users\Admin\AppData\Local\Temp\93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe
  "C:\Users\Admin\AppData\Local\Temp\93e5acf5d7152ebe36987486df0f10143cf95b641cf1df17897e6291746d8766.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:8

memory/8-135-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/8-136-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download