051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2023 17:49

Target

051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe
Size

36KB
MD5

f4015103ad4ca741454dbe5570373b89
SHA1

2a0bc8e8a34148e2de437adfcc71fb54b4497b0c
SHA256

051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b
SHA512

96219825a00517b6fdbc255a140a7e3874e0f44b52db5aa589fa2d3779c4d928e07ec35f713803f125655c4b31e3be4d1e6890fccb9d4eea342433f8e085dfc6
SSDEEP

192:I8mMbhEVIQHSw0Mx1TTw76mpvzvOQSBZL0X4O:I89bqVjE76UmT/a

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 4172	948	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	90
PID 948 wrote to memory of 4172	948	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	90
PID 948 wrote to memory of 4172	948	051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe	90
PID 4172 wrote to memory of 1780	4172	wordpad.exe	94
PID 4172 wrote to memory of 1780	4172	wordpad.exe	94

C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe
"C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\051700761419b8b6b6c766afd1edeb1647f961fb977cbf448198cd46714c850b.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4172
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:1780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3052

memory/948-0-0x00000000004C0000-0x00000000004C7000-memory.dmp

Filesize
28KB

Download