d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09

Analysis

max time kernel
367s
max time network
380s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:58

Target

d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe
Size

172KB
MD5

52978cf104c7cb61fc751ec4ef5068d9
SHA1

86aaae707957a4d04e5f06652e69a6dd88ecb0eb
SHA256

d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09
SHA512

32010fc3bf8a3e0d5a26dc54dcfd50c368f7033b5a7dafca37e6833a85772db9f5e72c04f3e26f98c4a5c38a652485240e71f74d0bd405a2dc497d0f1849dcec
SSDEEP

3072:mw3wG3gDD5XbgdK2B9wYUTfFglwo6kEJQplPf8h7pcWy9B9L8cmod7Z6hdXB6uQ2:dkDDSdK2BxiqlrU+Eh7ipmo1idXB6x2

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3728 set thread context of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe
1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe
1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe
1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 3728 wrote to memory of 1376	3728	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	79
PID 1376 wrote to memory of 2468	1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	58
PID 1376 wrote to memory of 2468	1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	58
PID 1376 wrote to memory of 2468	1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	58
PID 1376 wrote to memory of 2468	1376	d0f4d2363c4929acb922fd32396853c9e03bfcef6ea2b6939363c4675179af09.exe	58

memory/1376-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1376-141-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1376-143-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2468-142-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3728-132-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3728-138-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3728-140-0x0000000000610000-0x0000000000649000-memory.dmp

Filesize
228KB

Download
memory/3728-139-0x00000000005C0000-0x00000000005C4000-memory.dmp

Filesize
16KB

Download