e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7

Analysis

max time kernel
201s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 13:26

Target

e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe
Size

743KB
MD5

941ce6fc9203be9085d0d6485be47af2
SHA1

74f92dc1d46cb003f422cb9f7ab3a81fab43276f
SHA256

e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7
SHA512

fe3e261c91ee1184238eb45e08621dba6505380482b1617fdc4e95521d3473c81c4ad35b458d2717cde3389e8f548ecefb55deea8e06be03a135b88c3d030238
SSDEEP

12288:RIx6Co7YNQ/nBaWnBsPDqWOFINJc+yJUVjRydmKchOgU1B15VnIQjFzkpp:2wzwQ/BaWnBCqwLc++UVymxONrIQ+z

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2796 set thread context of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe
5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe
5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe
5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe
2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 2796 wrote to memory of 5024	2796	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	82
PID 5024 wrote to memory of 2644	5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	41
PID 5024 wrote to memory of 2644	5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	41
PID 5024 wrote to memory of 2644	5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	41
PID 5024 wrote to memory of 2644	5024	e4c14a0968deef1e9b9e448ca034a96ddbd40ebd797332833547422525703fe7.exe	41

memory/2644-141-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2796-132-0x0000000000400000-0x00000000007D2000-memory.dmp

Filesize
3.8MB

Download
memory/2796-139-0x0000000000400000-0x00000000007D2000-memory.dmp

Filesize
3.8MB

Download
memory/5024-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5024-138-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5024-140-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5024-142-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download