ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3

Analysis

max time kernel
24s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:31

Target

ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe
Size

84KB
MD5

f49920908ad91bcaab57faf332470e84
SHA1

7513843e8577cd2399287f3bb1064b413e2e68e7
SHA256

ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3
SHA512

1567bdf7abbd23c9495e8717caa239be7dd8f3659dec3fac076fdc21611217f401dbfcfc3ac79927235eb555c30c6a148e4cdc5ca0f9c3dcda243678d8a65a2e
SSDEEP

1536:NC4dcwNXfmaC9oSP/EXUfqOpN4P4KAxl3NcQh:NnPCZPMESOfTBOw

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1604 set thread context of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28
PID 1604 wrote to memory of 996	1604	ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe	28

C:\Users\Admin\AppData\Local\Temp\ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe
"C:\Users\Admin\AppData\Local\Temp\ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Users\Admin\AppData\Local\Temp\ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe
  "C:\Users\Admin\AppData\Local\Temp\ec15bcc40ae9b487684c4b0b7cb29ca069b5808c9102b55462b960254556fca3.exe"
  2⤵
  PID:996

memory/996-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/996-57-0x0000000000407C89-mapping.dmp

Download
memory/996-60-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/996-61-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/996-62-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1604-59-0x0000000000400000-0x0000000000459000-memory.dmp

Filesize
356KB

Download