21e707aea4f4d0e20509e9ec5d2b5ffde9c6162d9094323a33e58f5b06c18184

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 17:05

Target

7ef22bcf9d6423384337f228f742d434.exe
Size

292KB
MD5

7ef22bcf9d6423384337f228f742d434
SHA1

beab06be29ff2cff726778a29b10687b734f3909
SHA256

21e707aea4f4d0e20509e9ec5d2b5ffde9c6162d9094323a33e58f5b06c18184
SHA512

df5b6c2ec19a56efd4db05e7b21bf386b8871779390d0813c12012454a9f9cb5b6b6676c9eca7c2ef92b9b1b863cf733910ad0b7a1b8a07809f0b5b84f3f5f45
SSDEEP

3072:JkLca+56U04TkSncYwi47DlaEDhikYnZO/TIxM75QHPUk090C5mA:ASncYwi47D07CIxA5eMk090CT

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3040 set thread context of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 set thread context of 0	3040	7ef22bcf9d6423384337f228f742d434.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3040	7ef22bcf9d6423384337f228f742d434.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 2748	3040	7ef22bcf9d6423384337f228f742d434.exe	16
PID 3040 wrote to memory of 0	3040	7ef22bcf9d6423384337f228f742d434.exe
PID 3040 wrote to memory of 0	3040	7ef22bcf9d6423384337f228f742d434.exe
PID 3040 wrote to memory of 0	3040	7ef22bcf9d6423384337f228f742d434.exe
PID 3040 wrote to memory of 0	3040	7ef22bcf9d6423384337f228f742d434.exe

C:\Users\Admin\AppData\Local\Temp\7ef22bcf9d6423384337f228f742d434.exe
"C:\Users\Admin\AppData\Local\Temp\7ef22bcf9d6423384337f228f742d434.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\7ef22bcf9d6423384337f228f742d434.exe
  "C:\Users\Admin\AppData\Local\Temp\7ef22bcf9d6423384337f228f742d434.exe"
  2⤵
  PID:2748

memory/2748-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2748-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2748-9-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2748-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2748-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3040-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/3040-8-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/3040-5-0x0000000000350000-0x0000000000399000-memory.dmp

Filesize
292KB

Download