c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 19:53

Target

c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe
Size

340KB
MD5

6921570e14ac6b73d329d0802880104a
SHA1

4c9a7a8a84c855e3421081b59b66149e222248c0
SHA256

c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b
SHA512

091270d5bf6982e1f98b57aabf73eb0d4ea7332b6a8c4a51bbab71d60f41022d490708523620b0ffffddbd6cdbd56fb6467a4830bfdd2854f641317eddc51307
SSDEEP

6144:+X2U6D1taTtP1gf1/P7FTk8s1HZSyok5Az9hAtEm7gMuCKczllFKCe:wM1t8Jifnk8o5qUtEm7Hur8s

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3348 set thread context of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe
3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe
3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe
3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3348 wrote to memory of 3496	3348	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	80
PID 3496 wrote to memory of 2684	3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	37
PID 3496 wrote to memory of 2684	3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	37
PID 3496 wrote to memory of 2684	3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	37
PID 3496 wrote to memory of 2684	3496	c1c48166cf689f9b77216c3bbf5863d2714eecfc5484310688046c9f7a66ee5b.exe	37

memory/2684-141-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3348-132-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3348-134-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3348-139-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3496-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3496-140-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3496-142-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download