a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda

Analysis

max time kernel
148s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 23:02

Target

a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
Size

482KB
MD5

0fe8ca7639692269889f45decdf47b09
SHA1

9a3ae2f175dc68df4a04b63481c85605d32dbf7b
SHA256

a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda
SHA512

000787278199acd7ffb906a68da22ac7fb330d0bab3f139b630900a6582f0614ac67af75eaddfb3746e43170f4f826dde6857a9d6c6b2a3584933ce8e2ca2f27
SSDEEP

12288:j6jT+Nw4knR6XRNZ1K/lGRgOUqmq9kR6lhKXD0tlir:jG+NCR6X3PK/cRgOnmq9g6i0tlg

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2636 set thread context of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe
1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 2636 wrote to memory of 1784	2636	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	83
PID 1784 wrote to memory of 2584	1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	54
PID 1784 wrote to memory of 2584	1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	54
PID 1784 wrote to memory of 2584	1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	54
PID 1784 wrote to memory of 2584	1784	a2fbad4ec77ac3705b589d22f3e29dacdb6ab39a6fe1fd2dc26cc6047f2a6bda.exe	54

memory/1784-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1784-141-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1784-143-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/2584-142-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2636-132-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2636-133-0x00000000022B0000-0x0000000002310000-memory.dmp

Filesize
384KB

Download
memory/2636-139-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/2636-140-0x00000000022B0000-0x0000000002310000-memory.dmp

Filesize
384KB

Download