051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17/11/2023, 17:49

Target

051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe
Size

36KB
MD5

f4015103ad4ca741454dbe5570373b89
SHA1

2a0bc8e8a34148e2de437adfcc71fb54b4497b0c
SHA256

051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b
SHA512

96219825a00517b6fdbc255a140a7e3874e0f44b52db5aa589fa2d3779c4d928e07ec35f713803f125655c4b31e3be4d1e6890fccb9d4eea342433f8e085dfc6
SSDEEP

192:I8mMbhEVIQHSw0Mx1TTw76mpvzvOQSBZL0X4O:I89bqVjE76UmT/a

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2528	2560	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	28
PID 2560 wrote to memory of 2528	2560	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	28
PID 2560 wrote to memory of 2528	2560	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	28
PID 2560 wrote to memory of 2528	2560	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	28
PID 2528 wrote to memory of 2156	2528	wordpad.exe	29
PID 2528 wrote to memory of 2156	2528	wordpad.exe	29
PID 2528 wrote to memory of 2156	2528	wordpad.exe	29
PID 2528 wrote to memory of 2156	2528	wordpad.exe	29

C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe
"C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2156

memory/2528-1-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2528-3-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2560-0-0x0000000000840000-0x0000000000847000-memory.dmp

Filesize
28KB

Download