e402dc981dfd65785ba438b5a411e79113011cfe106de67070a5bbb79791eae8

Analysis

max time kernel
105s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 07:28

Target

0ec18603df155c632418bcf14475df93.exe
Size

80KB
MD5

0ec18603df155c632418bcf14475df93
SHA1

f6d72e2edc130b5c313108afa6ffe7a5e5ccd254
SHA256

e402dc981dfd65785ba438b5a411e79113011cfe106de67070a5bbb79791eae8
SHA512

e23b0ca88ad1dc6e7e6f30a59c4f43a614c852ec9c1815c4a29975b5cfcfa1c787a56176611ab665c38e2f3c7e31c3e5790ca849c5f647db88252e85d6eec35c
SSDEEP

1536:RV6AagumBNEmkbFGSTCSjU9Fhtu3eGORR2XxxyT42meitOe32QOA:RC8BNgbAylQAeeH23itl32Qr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2992 set thread context of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2992	0ec18603df155c632418bcf14475df93.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20
PID 2992 wrote to memory of 3272	2992	0ec18603df155c632418bcf14475df93.exe	20

C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe
"C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe
  "C:\Users\Admin\AppData\Local\Temp\0ec18603df155c632418bcf14475df93.exe"
  2⤵
  PID:3272

memory/2992-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/2992-6-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/3272-7-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/3272-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3272-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3272-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3272-10-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/3272-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download