e402dc981dfd65785ba438b5a411e79113011cfe106de67070a5bbb79791eae8

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 07:28

Target

0ec18603df155c632418bcf14475df93.exe
Size

80KB
MD5

0ec18603df155c632418bcf14475df93
SHA1

f6d72e2edc130b5c313108afa6ffe7a5e5ccd254
SHA256

e402dc981dfd65785ba438b5a411e79113011cfe106de67070a5bbb79791eae8
SHA512

e23b0ca88ad1dc6e7e6f30a59c4f43a614c852ec9c1815c4a29975b5cfcfa1c787a56176611ab665c38e2f3c7e31c3e5790ca849c5f647db88252e85d6eec35c
SSDEEP

1536:RV6AagumBNEmkbFGSTCSjU9Fhtu3eGORR2XxxyT42meitOe32QOA:RC8BNgbAylQAeeH23itl32Qr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2076 set thread context of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2076	0ec18603df155c632418bcf14475df93.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16
PID 2076 wrote to memory of 2220	2076	0ec18603df155c632418bcf14475df93.exe	16

C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe
"C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe
  "C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe"
  2⤵
  PID:2220

memory/2076-1-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2076-7-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2076-3-0x0000000002430000-0x0000000002482000-memory.dmp

Filesize
328KB

Download
memory/2220-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2220-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2220-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2220-5-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2220-11-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2220-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download