a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 18:14

Target

a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe
Size

64KB
MD5

1634cb09cf77036718c5a428658da940
SHA1

13124fe1c806e469f557f92dd73fbe64de6b3fff
SHA256

a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784
SHA512

256c32fd41f07269c65955e8aa470e1c19e903e84f302f586c726e69effdb648440a48f3791e7d4c4e514f0b130a6e205797ce6fe59e4f5f683e5dfc252d342e
SSDEEP

1536:p+kf9I4+c4AJjaoMusZItOTNs/D0hQ2jYM8svq3bQkkfZWX:Qkf9t4AJjJtebZLT8U/fZE

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1316 set thread context of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1316 wrote to memory of 1664	1316	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.exe	82
PID 1664 wrote to memory of 652	1664	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.EXE	42
PID 1664 wrote to memory of 652	1664	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.EXE	42
PID 1664 wrote to memory of 652	1664	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.EXE	42
PID 1664 wrote to memory of 652	1664	a62fe20f2d227bafd9797e8835172a977d300a8544065abd4f38a37660135784.EXE	42

memory/652-139-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1316-137-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1664-134-0x0000000000000000-mapping.dmp

Download
memory/1664-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1664-138-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1664-140-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download