58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f

Analysis

max time kernel
19s
max time network
18s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
09/04/2023, 13:48

Target

calc.exe
Size

27KB
MD5

5da8c98136d98dfec4716edd79c7145f
SHA1

ed13af4a0a754b8daee4929134d2ff15ebe053cd
SHA256

58189cbd4e6dc0c7d8e66b6a6f75652fc9f4afc7ce0eba7d67d8c3feb0d5381f
SHA512

6e2b067760ec178cdcc4df04c541ce6940fc2a0cdd36f57f4d6332e38119dbc5e24eb67c11d2c8c8ffeed43533c2dd8b642d2c7c997c392928091b5ccce7582a
SSDEEP

384:Otj8FKzuRxmeWCJxhd2WS/YWyiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiB:QXif4CbPQ7

Score

1^/10

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3853465373-1718857667-1861325682-1000_Classes\Local Settings	calc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4440	OpenWith.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4748	4148	cmd.exe	70
PID 4148 wrote to memory of 4748	4148	cmd.exe	70
PID 4148 wrote to memory of 4656	4148	cmd.exe	71
PID 4148 wrote to memory of 4656	4148	cmd.exe	71

C:\Users\Admin\AppData\Local\Temp\calc.exe
"C:\Users\Admin\AppData\Local\Temp\calc.exe"
1⤵
- Modifies registry class
PID:2568

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4440

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4148
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java
  2⤵
  PID:4748
- C:\ProgramData\Oracle\Java\javapath\java.exe
  java -version
  2⤵
  PID:4656

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
33830175b86b3f26ce32f043b2ae81f0

SHA1
06e35ffb5da442b94c160749a92eb13c72a22488

SHA256
df62a191c2e21b771e5f04730878b1dfbfa38a1ca2ebc58adf507e7dda8ad37b

SHA512
8bc44ff10d3634d2a40abe3d3342cd1c7dca75a4c48b896e45be26fb526b1ab83fe896803931f6c775768d2f1ccd29da7a32a40f2fc5c7e4615541a943c81fd8

Download Submit
memory/4656-140-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/4748-127-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download