32c91eefe397ddc8fb7b2bf6753fc85145cc24ee18f9a9372d51712d9a8a44c4

Analysis

max time kernel
144s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:31

Target

15e93b91b63e0b8c2753c8059c5f688c.exe
Size

108KB
MD5

15e93b91b63e0b8c2753c8059c5f688c
SHA1

f3279851ba31250e2e71fa20728d8fa9eb97cc35
SHA256

32c91eefe397ddc8fb7b2bf6753fc85145cc24ee18f9a9372d51712d9a8a44c4
SHA512

5a0236cb195d2cc5a49d3c7416a181b962b411257c5ac727663f0a17c456a0cb4716772899ffe1e1cf02f84df98fbec03a182cf596c12374ad4c50869b0357af
SSDEEP

1536:OSB6pSPWEUD0FOi7tepjXV0ppODldztX8fmtRGtLL6:OFpSPVO+KjyODlvr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4840 set thread context of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4840	15e93b91b63e0b8c2753c8059c5f688c.exe
2152	15e93b91b63e0b8c2753c8059c5f688c.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90
PID 4840 wrote to memory of 2152	4840	15e93b91b63e0b8c2753c8059c5f688c.exe	90

C:\Users\Admin\AppData\Local\Temp\15e93b91b63e0b8c2753c8059c5f688c.exe
"C:\Users\Admin\AppData\Local\Temp\15e93b91b63e0b8c2753c8059c5f688c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Users\Admin\AppData\Local\Temp\15e93b91b63e0b8c2753c8059c5f688c.exe
  C:\Users\Admin\AppData\Local\Temp\15e93b91b63e0b8c2753c8059c5f688c.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2152

memory/2152-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2152-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2152-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download