a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2

Analysis

max time kernel
243s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 10:14

Target

a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe
Size

184KB
MD5

acf0e3f195c3f34e517fc89ed263deff
SHA1

f496ad2fdb2419f8cfe477452185f9d92c515bf8
SHA256

a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2
SHA512

6e6bc84aeab5a030dc6fff8a5caff0468347ebca796a444b02aed546f5e4235c099ef377e3a4d38accacf2df56c86f7a032de048fd420579f4526044c13c7f23
SSDEEP

3072:zq3opFGwZ+MFEMnTRNG0ihixnZsTjrn+CDEE6YGuDKtVydkWrGB7yWODNAXHxpE7:7GwD/rpg+CsYGuDKt3YGIheHxXIQy

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1632 set thread context of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe
912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 1632 wrote to memory of 912	1632	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	28
PID 912 wrote to memory of 1232	912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	18
PID 912 wrote to memory of 1232	912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	18
PID 912 wrote to memory of 1232	912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	18
PID 912 wrote to memory of 1232	912	a0dd8c5bb3658eb7e2db59579a2326b4fa0c7d6cfccc04ef817f5d65622327d2.exe	18

memory/912-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/912-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/912-62-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download
memory/912-66-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/912-67-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1232-63-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1632-54-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1632-60-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download