8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9

Analysis

max time kernel
100s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 01:21

Target

8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe
Size

86KB
MD5

e761d6254edab5e3ca17d7a18a103693
SHA1

94f15e8b62a69249223d8258b086774d503f6c88
SHA256

8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9
SHA512

bfb80cc56c904867b80f4c2cf16127ffb958c0b1131d506a57c7f726b6b9eb27d5f11c35358debb8b221b683a80fc534ffa0a9175f3dd7fc921a6a4f2cb765fa
SSDEEP

384:ImCR+kjkcPTKOUKoKDv/iCwbzX1+OkRQtOxxkKKjirQXnNKQ6b8I2siAzA:IzRi1PKDvpOZ+OkeUkK4xXNY4BX+A

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4688	2148	8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe	88
PID 2148 wrote to memory of 4688	2148	8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe	88

C:\Users\Admin\AppData\Local\Temp\8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe
"C:\Users\Admin\AppData\Local\Temp\8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\8c9e695fe514796ba419cade63162dae6ee1c7dc945f5aae7fc3949b08ec7bc9.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:984

memory/2148-0-0x00007FF715A30000-0x00007FF715A43000-memory.dmp

Filesize
76KB

Download