f0f92d4fd5e75f382ea76c7acd9dfdf39e1b7e74a41e78b8bbf3d157cd3aba2a

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 05:35

Target

0867e4f33f9c76d3ee63374a9ff2b69a.exe
Size

156KB
MD5

0867e4f33f9c76d3ee63374a9ff2b69a
SHA1

3f1e71f364a7bd50fab10930dcacae70eeca3053
SHA256

f0f92d4fd5e75f382ea76c7acd9dfdf39e1b7e74a41e78b8bbf3d157cd3aba2a
SHA512

7ee123ce5dc932cb3e1ea13a8f07cb41c863c67ee036ade173fb3584614373bc884f811ebc390107ac3b5bfcb0681d0a306255b13df6b025ce92c6d5a63a789f
SSDEEP

3072:L95PDods0WXyvlyW2hyEK7D6zd/3+P+kdMTenDo2SW6:2nDo2SW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 860 set thread context of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
860	0867e4f33f9c76d3ee63374a9ff2b69a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28
PID 860 wrote to memory of 1968	860	0867e4f33f9c76d3ee63374a9ff2b69a.exe	28

C:\Users\Admin\AppData\Local\Temp\0867e4f33f9c76d3ee63374a9ff2b69a.exe
"C:\Users\Admin\AppData\Local\Temp\0867e4f33f9c76d3ee63374a9ff2b69a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860
- C:\Users\Admin\AppData\Local\Temp\0867e4f33f9c76d3ee63374a9ff2b69a.exe
  C:\Users\Admin\AppData\Local\Temp\0867e4f33f9c76d3ee63374a9ff2b69a.exe
  2⤵
  PID:1968

memory/1968-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-3-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1968-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-9-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1968-8-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download