bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a

Analysis

max time kernel
182s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 19:25

Target

bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe
Size

2.0MB
MD5

0fc1730798351bcc6102a58d5ad28d20
SHA1

84a4a98b2a3a6ccc20a166931aee142f9a2782ff
SHA256

bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a
SHA512

85729ffd9620b088ccebc718038349d3416d403a418221f6ed9f956abaae726e6f55b9970515f237378b9372819238b94147107ecb40ae825e442e4a5c165a53
SSDEEP

49152:L1x3N14teon5SixbqYtgNxqGWljQsLlfrB8/tjU:Jxz4teonIixbqY6x2jnfrBUjU

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1420 set thread context of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81
PID 1420 wrote to memory of 2016	1420	bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe	81

C:\Users\Admin\AppData\Local\Temp\bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe
"C:\Users\Admin\AppData\Local\Temp\bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Users\Admin\AppData\Local\Temp\bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe
  C:\Users\Admin\AppData\Local\Temp\bb30036c2f05e58f8c67671641ea24ddf83e21c144a79f49b154111748f6360a.exe
  2⤵
  PID:2016

memory/2016-134-0x0000000000000000-mapping.dmp

Download
memory/2016-135-0x0000000000400000-0x0000000000606000-memory.dmp

Filesize
2.0MB

Download
memory/2016-137-0x0000000000400000-0x0000000000606000-memory.dmp

Filesize
2.0MB

Download
memory/2016-138-0x0000000000400000-0x0000000000606000-memory.dmp

Filesize
2.0MB

Download
memory/2016-139-0x0000000002370000-0x00000000024E1000-memory.dmp

Filesize
1.4MB

Download