71588216d067a7a4a68a20e254e092a7b9af7a8257a5635ffdb156d4ddc83285

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:47

Target

6f9ca05488507f4a66537a02ea081f72.exe
Size

146KB
MD5

6f9ca05488507f4a66537a02ea081f72
SHA1

6f05213eb71a47208d018fee3a6bfcb8fa75e64c
SHA256

71588216d067a7a4a68a20e254e092a7b9af7a8257a5635ffdb156d4ddc83285
SHA512

375c64e201ab6dffba7a45e0d0196c4ee057206148ad4f1a9a7e9ad48cf48b49bb2c61f60121f443cda67218dc87ca027dd66a7a409aa0c17c9eb78d743f9cb7
SSDEEP

1536:vx2QlC7NudFiob7y1UH/x33KhIzF/eE7iG/hVg1/hrOGrLIEiRNsdkSd9w4wn37z:p2QlCX1UH/HuFqNMXqTKaPRYLqfyOpv

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2024 set thread context of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1876	6f9ca05488507f4a66537a02ea081f72.exe
1876	6f9ca05488507f4a66537a02ea081f72.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2024	6f9ca05488507f4a66537a02ea081f72.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 2024 wrote to memory of 1876	2024	6f9ca05488507f4a66537a02ea081f72.exe	28
PID 1876 wrote to memory of 1144	1876	6f9ca05488507f4a66537a02ea081f72.exe	14
PID 1876 wrote to memory of 1144	1876	6f9ca05488507f4a66537a02ea081f72.exe	14
PID 1876 wrote to memory of 1144	1876	6f9ca05488507f4a66537a02ea081f72.exe	14
PID 1876 wrote to memory of 1144	1876	6f9ca05488507f4a66537a02ea081f72.exe	14

memory/1144-24-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1144-20-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1876-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1876-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-10-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-12-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-16-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-18-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-19-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-23-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1876-6-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-4-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1876-33-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download