bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3

Analysis

max time kernel
165s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 10:42

Target

bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe
Size

340KB
MD5

aecb98af93e575e3ec917e4fa716ebaf
SHA1

d1d0c2689cadecebb95b70e92877db791c8c6371
SHA256

bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3
SHA512

2a73ae9a7955523c524ef8f47d5ea78dc22430049bef7402b647007322d1a2bbd328802b5faeb085ce5931fab79196ad986569964b5f99af968b6b812a5a2f5e
SSDEEP

6144:+X2U6D1taTtP1gf1/P7FTk8s1HZSyok5Az9hAtEm7gMuCKczll9/bzrF:wM1t8Jifnk8o5qUtEm7HurK/3Z

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3668 set thread context of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe
1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe
1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe
1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 3668 wrote to memory of 1684	3668	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	78
PID 1684 wrote to memory of 2616	1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	54
PID 1684 wrote to memory of 2616	1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	54
PID 1684 wrote to memory of 2616	1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	54
PID 1684 wrote to memory of 2616	1684	bf4ef83105f9470c8c80cabd158fdeeb9674a39df0a3b636b922223f325650f3.exe	54

memory/1684-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1684-139-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1684-141-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2616-140-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3668-132-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download
memory/3668-138-0x0000000000400000-0x00000000004D6000-memory.dmp

Filesize
856KB

Download