c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09/10/2023, 01:06

Target

c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe
Size

804KB
MD5

7f6de68412bcd533071d2e4aa9bbf5a8
SHA1

f596dc973f2cd38e4b1d7a7c18ec023aa5de6bee
SHA256

c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8
SHA512

070554513dc401bde583065c1e0c18927bdf1a1a9751decb41af5f810d4bd3efddf6785118f0a8cee7ba9305db104a460390e4ff344affbe56647d1b38034693
SSDEEP

12288:Rz0img5/0jOBgscLu+XV2oEdp9wGRJLSwtff1J4AjrLeaeFkmrAK:Rz0imgd0jIgscLRXV2oCpl1JXj+jkQT

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe
3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2584	3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe	28
PID 3056 wrote to memory of 2584	3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe	28
PID 3056 wrote to memory of 2584	3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe	28
PID 3056 wrote to memory of 2584	3056	c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe	28
PID 2708 wrote to memory of 2552	2708	explorer.exe	30
PID 2708 wrote to memory of 2552	2708	explorer.exe	30
PID 2708 wrote to memory of 2552	2708	explorer.exe	30

C:\Users\Admin\AppData\Local\Temp\c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe
"C:\Users\Admin\AppData\Local\Temp\c4fdc8f48af5c41858c80f931839b7de65dc787e79802906be5ea14c5731bda8.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\SysWOW64\explorer.exe
  explorer C:\Windows\System32\SystemPropertiesAdvanced.exe
  2⤵
  PID:2584

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\System32\SystemPropertiesAdvanced.exe
  "C:\Windows\System32\SystemPropertiesAdvanced.exe"
  2⤵
  PID:2552