b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc

Analysis

max time kernel
38s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 08:46

Target

b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe
Size

293KB
MD5

6876b8f876a432dd564822cc19baf313
SHA1

99c7d363273a322d05f5426c4519e87349be4ef8
SHA256

b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc
SHA512

0fa1da927190fe2888fd90409d7ee72d930ff9bbc26ac1b3eb2dfd39237e3183fe2661334f1a705129bb2939ef2653efa1f5e050641c9f670d57d0d1b926f1bc
SSDEEP

6144:Zygsngid/o7iiEavto3NTwJXm6eFBbYEHRAvpKDYieya:Zyh3o7iiYRwIRBbYQRAvMYiQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 900 set thread context of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27
PID 900 wrote to memory of 1876	900	b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe	27

C:\Users\Admin\AppData\Local\Temp\b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe
"C:\Users\Admin\AppData\Local\Temp\b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:900
- C:\Users\Admin\AppData\Local\Temp\b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe
  "C:\Users\Admin\AppData\Local\Temp\b0fb8878252ba65dfcf0072bda9232a81db7313505cef9d7ba2f71cbbed0b3dc.exe"
  2⤵
  PID:1876

memory/1876-56-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1876-57-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1876-59-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1876-60-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1876-62-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1876-63-0x0000000000431055-mapping.dmp

Download
memory/1876-65-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1876-66-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download