df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 14:02

Target

df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe
Size

232KB
MD5

d34f61c0d0754ad2d800b22323f37428
SHA1

7417f7ef00d4ac5ea93e2ff9a8f72f9e76a04470
SHA256

df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7
SHA512

b31184c930b2f9ebd2185d595eaf9321ba1ceb8918e71ac9c2d607c1fab30ae70d439ab3c4815dff7c66941706f77a634522b6c3dff3f3142ad45ae65a7a76d5
SSDEEP

3072:nt6ggowBy1QO73k2Cd6BDJyNs2zY2841M8yxy2EPuPKTQ5r4odFjvSvEkFQ/:nSpBwQO746BDwD1MUMKTQ59PSMka/

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1044 set thread context of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27
PID 1044 wrote to memory of 1932	1044	df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe	27

C:\Users\Admin\AppData\Local\Temp\df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe
"C:\Users\Admin\AppData\Local\Temp\df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe
  C:\Users\Admin\AppData\Local\Temp\df77938b0c2de357d6bf039c81ed8f9dfbf1fe3e7ba8a570704d04cab2047ee7.exe
  2⤵
  PID:1932

memory/1044-56-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1044-60-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/1932-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1932-59-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download