99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3

Analysis

max time kernel
25s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 16:26

Target

99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe
Size

68KB
MD5

9f781b361b4cbc1bca7cb84e45882673
SHA1

83e123f7bb72d1d6b18fd29adcf6b9c0d2957eec
SHA256

99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3
SHA512

c2201d80c827c87592c362ee91026c5afbb52cd74e4ae5ee2a497d56b14e569d83d9969ac31480249694bd7b4fa05a21122c3b60f81edfd9816785809dcb0218
SSDEEP

768:VkcapF+Yxt+mV0eMwd1Jg5YUFfbihi8x1A73mHqXUCTR+jrjaE:OcaH+Yxt+WJlg5dTi2uPaE

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1740 set thread context of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe
884	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28
PID 1740 wrote to memory of 884	1740	99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe	28

C:\Users\Admin\AppData\Local\Temp\99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe
"C:\Users\Admin\AppData\Local\Temp\99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\99fb61132ac08d9e8b2c5ab5d15abe16e3372fe52c941976f7acfa766f1992c3.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:884

memory/884-56-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/884-61-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download