bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:08

Target

bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
Size

100KB
MD5

34d27435f534bef253a3369334518afe
SHA1

7097a24f772c597bd27c9dcb6b550299e30de7b4
SHA256

bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148
SHA512

5de6a1097ecb628ea7ef43b2fe47c3ab179301afd4bbfe26161b8be377e32516610f0b80a09005cb26ca2c2879df37130792b2ea88d9ee8ea6942c9e97bb0cec
SSDEEP

1536:ZatjL+cRhq9TAPV2s7yIZynVeuCaFawa4DNOl7rj7n:0tjL+2hq9kPYOdiwn

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4960 set thread context of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
3492	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81
PID 4960 wrote to memory of 3492	4960	bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe	81

C:\Users\Admin\AppData\Local\Temp\bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
"C:\Users\Admin\AppData\Local\Temp\bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Users\Admin\AppData\Local\Temp\bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
  C:\Users\Admin\AppData\Local\Temp\bacd6837589a78258c7d4b7538a3e4696eda11d7dda5eb8d24bcc7f97316f148.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3492

memory/3492-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3492-138-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3492-141-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4960-132-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4960-142-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download