9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 02:53

Target

9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe
Size

280KB
MD5

e349bac289a8908ae170a28f80c84039
SHA1

6d234aaf88ce9850ab8c47200eea093ed6674617
SHA256

9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6
SHA512

2d4f254824a6b925a2fb4a6229a0999cb401e6f9644394ca826b5dd636573103ae0920618f8e2a1555161272f8755c47d6ebc29aca0bc473a00bf114bdfb7fa7
SSDEEP

6144:jGk/5IVCsWauRZscoe7NXwG+0f4lkY1pR9Jr9u:i4sWaE9oepXW0f4lfhr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4964 set thread context of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81
PID 4964 wrote to memory of 544	4964	9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe	81

C:\Users\Admin\AppData\Local\Temp\9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe
"C:\Users\Admin\AppData\Local\Temp\9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe
  "C:\Users\Admin\AppData\Local\Temp\9c7348033bc9123aebdc09fcfb688d5b29044337a0259dfdec01299d0835b3c6.exe"
  2⤵
  PID:544

memory/544-135-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/544-137-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download