dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 10:05

Target

dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe
Size

340KB
MD5

d858dfb7bf317316ae27c7636cdf75df
SHA1

941ea1bc35c904dfeb65d64f27fa76796a55b08d
SHA256

dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35
SHA512

438557f8e46455879f33db646bf7debb7a84285141830b5bc6704e22be040e0126dbc0b0e30f79880c400cc5d0a60a5f367a7b3d386c482a903aa96eb812fe81
SSDEEP

3072:YJXzYz/HahHHQmFvsvy7HbGhVS//NeC+bv3QOg37F38b5c:Ha7qMFyc

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1284 set thread context of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe
1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1284 wrote to memory of 1328	1284	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	27
PID 1328 wrote to memory of 1204	1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	12
PID 1328 wrote to memory of 1204	1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	12
PID 1328 wrote to memory of 1204	1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	12
PID 1328 wrote to memory of 1204	1328	dabd28bfea74ec948c55eff40a0a911140e63c05e3d36d53bde00ed3c0e31c35.exe	12

memory/1204-61-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1328-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1328-59-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1328-60-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1328-64-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download