1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
20/11/2023, 17:09

Target

1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe
Size

36KB
MD5

55e74f5dd21e3a64cb3227e16e81aea7
SHA1

6c5375fcf761c582fc731669e071eb33b1b9b9a4
SHA256

1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4
SHA512

bdb6c3654c7f27f81827c02f4619a9508f2e079dcf3a3832b1b3b63354cbf72c1184dd294afaf50e079b34b955fdc2d6f3b851366a82a96717d654d56d518c04
SSDEEP

96:IaLVaLTrdoH7LB0HF/8A8uQcTWS6rSogY8bkR31WqTdQ4xxmB1e0NAIO/IQNTp6T:IaJaHryetQHSw0Mx1TT2dxCU7+Zzfo

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 1624	1980	1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe	28
PID 1980 wrote to memory of 1624	1980	1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe	28
PID 1980 wrote to memory of 1624	1980	1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe	28

C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe
"C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1980
- C:\Program Files\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1624

memory/1624-2-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1624-3-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1980-0-0x000000013F660000-0x000000013F667000-memory.dmp

Filesize
28KB

Download