71588216d067a7a4a68a20e254e092a7b9af7a8257a5635ffdb156d4ddc83285

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:47

Target

6f9ca05488507f4a66537a02ea081f72.exe
Size

146KB
MD5

6f9ca05488507f4a66537a02ea081f72
SHA1

6f05213eb71a47208d018fee3a6bfcb8fa75e64c
SHA256

71588216d067a7a4a68a20e254e092a7b9af7a8257a5635ffdb156d4ddc83285
SHA512

375c64e201ab6dffba7a45e0d0196c4ee057206148ad4f1a9a7e9ad48cf48b49bb2c61f60121f443cda67218dc87ca027dd66a7a409aa0c17c9eb78d743f9cb7
SSDEEP

1536:vx2QlC7NudFiob7y1UH/x33KhIzF/eE7iG/hVg1/hrOGrLIEiRNsdkSd9w4wn37z:p2QlCX1UH/HuFqNMXqTKaPRYLqfyOpv

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3840 set thread context of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3840	6f9ca05488507f4a66537a02ea081f72.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 3840 wrote to memory of 5056	3840	6f9ca05488507f4a66537a02ea081f72.exe	89
PID 5056 wrote to memory of 3520	5056	6f9ca05488507f4a66537a02ea081f72.exe	51
PID 5056 wrote to memory of 3520	5056	6f9ca05488507f4a66537a02ea081f72.exe	51
PID 5056 wrote to memory of 3520	5056	6f9ca05488507f4a66537a02ea081f72.exe	51
PID 5056 wrote to memory of 3520	5056	6f9ca05488507f4a66537a02ea081f72.exe	51

memory/3520-7-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3520-8-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/5056-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5056-5-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5056-4-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5056-6-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5056-11-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/5056-13-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download