eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 19:17

Target

eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe
Size

172KB
MD5

2f159cbf0194ab1fd97cf7b188250831
SHA1

6b33fb531033918ad4eea3ac579ae74dafff869e
SHA256

eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1
SHA512

4fa898f0b867242d5f3bfe637a01f3f09e738c9e10bddba3bdea450a4a9e8c595b799d02575f55f3c13a000dc449f915da87e51570a9f5d6e17beaf3dcec36fa
SSDEEP

3072:5EUP0Fx0k4MWJjFalEadPFO0c6p866zng9mu7ApfX38F:m7MXk

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1800 set thread context of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe
1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1800 wrote to memory of 1960	1800	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	28
PID 1960 wrote to memory of 1256	1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	17
PID 1960 wrote to memory of 1256	1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	17
PID 1960 wrote to memory of 1256	1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	17
PID 1960 wrote to memory of 1256	1960	eec9802162f81953d252b1eb7ff4c551d849dc32b2d9de32d5ef8984fb6221c1.exe	17

memory/1256-61-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1960-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1960-57-0x0000000000407A4D-mapping.dmp

Download
memory/1960-59-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1960-60-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1960-64-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download