233cba6459f76f2a559e87b4833a8e4d48434bc467d8d71f0111e7061206c51e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:39

Target

7986761c4143d125e67d931d6804d68f.exe
Size

464KB
MD5

7986761c4143d125e67d931d6804d68f
SHA1

fe4908fdd841705a339e126dea84e22d976b3aab
SHA256

233cba6459f76f2a559e87b4833a8e4d48434bc467d8d71f0111e7061206c51e
SHA512

bc4ae852b5b7455927b6a4a1d8975b59ed01b504c67c8b713567e76103b276f751f79d5e66a45a2584c51842e302ed5d680cf8ee44f7595417fc3e7789cf8804
SSDEEP

6144:mZwXZwxEZwMuHgaN8ONBY3rNM5mvtlTMdDZwz:mipQHD8ONO3rO5KsA

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2036 set thread context of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
532	7986761c4143d125e67d931d6804d68f.exe
532	7986761c4143d125e67d931d6804d68f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2036	7986761c4143d125e67d931d6804d68f.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 2036 wrote to memory of 532	2036	7986761c4143d125e67d931d6804d68f.exe	28
PID 532 wrote to memory of 1232	532	7986761c4143d125e67d931d6804d68f.exe	18
PID 532 wrote to memory of 1232	532	7986761c4143d125e67d931d6804d68f.exe	18
PID 532 wrote to memory of 1232	532	7986761c4143d125e67d931d6804d68f.exe	18
PID 532 wrote to memory of 1232	532	7986761c4143d125e67d931d6804d68f.exe	18

memory/532-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/532-3-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/532-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/532-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/532-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/532-21-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/532-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1232-8-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1232-11-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download