1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 17:09

Target

1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe
Size

36KB
MD5

55e74f5dd21e3a64cb3227e16e81aea7
SHA1

6c5375fcf761c582fc731669e071eb33b1b9b9a4
SHA256

1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4
SHA512

bdb6c3654c7f27f81827c02f4619a9508f2e079dcf3a3832b1b3b63354cbf72c1184dd294afaf50e079b34b955fdc2d6f3b851366a82a96717d654d56d518c04
SSDEEP

96:IaLVaLTrdoH7LB0HF/8A8uQcTWS6rSogY8bkR31WqTdQ4xxmB1e0NAIO/IQNTp6T:IaJaHryetQHSw0Mx1TT2dxCU7+Zzfo

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 4084	3204	1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe	83
PID 3204 wrote to memory of 4084	3204	1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe	83

C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe
"C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Program Files\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\1d207d0e77bac606063f7956fe2b74866b70eb150af56b644af71f1f1d33f6b4.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4492

memory/3204-0-0x00007FF6CC730000-0x00007FF6CC737000-memory.dmp

Filesize
28KB

Download