dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:13

Target

dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe
Size

120KB
MD5

da4bffe52b8ace220528e3eea1c4eb08
SHA1

320c458e0b747a99985b114ac69714ec9d170587
SHA256

dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee
SHA512

99558bb04f60352425d78183a35d9366f59c18b3e709abfaf51ca61f294c8ddadd42af0d9176a6f2893ea1809d7e1b3d9f2e91adebe7bb8f12de9d650dc7105f
SSDEEP

1536:nnjwA038Dru9QOG/+skxuVVGqcQ1KKHdU/Qdp10mCW0/lRnW+ZXHvfu0YORPPt9:njwQru9wux4kBQ1LHTp3otZ3vhPF9

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4056 set thread context of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe
2080	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80
PID 4056 wrote to memory of 2080	4056	dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe	80

C:\Users\Admin\AppData\Local\Temp\dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe
"C:\Users\Admin\AppData\Local\Temp\dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Users\Admin\AppData\Local\Temp\dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe
  "C:\Users\Admin\AppData\Local\Temp\dacd2037f5d9959edee3c62793e3113d58c2936ccdc500f469a4d5cd56647bee.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2080

memory/2080-135-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2080-139-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download