67994db920520941ed13f3f57c1c81b46a8863ee3df378f84d8ef7e617ec6f35

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:06

Target

0007d15ce9ab992ee1af0dafd0c7871c.exe
Size

224KB
MD5

0007d15ce9ab992ee1af0dafd0c7871c
SHA1

22ec0d3e7192f2efdba4ccd663e5efe051afc17e
SHA256

67994db920520941ed13f3f57c1c81b46a8863ee3df378f84d8ef7e617ec6f35
SHA512

02f71c3aeb0c01f1f9ff1b63ce17c0c69dbcd24f0188282f2b9d235cb87d1382762022a4299fc3512e5623d9c99ebb65d42311a61931d38e6c79ee2c57b97bc0
SSDEEP

3072:CTQuC2ixjC/aFVjMH9XlYceC0hBfI4gDNTO80i2PAsoVye3CVdUMlKp:/nVcQjMH96cenBfI4CNq3nPw3CVYp

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1368 set thread context of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1940	0007d15ce9ab992ee1af0dafd0c7871c.exe
1940	0007d15ce9ab992ee1af0dafd0c7871c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1368	0007d15ce9ab992ee1af0dafd0c7871c.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1368 wrote to memory of 1940	1368	0007d15ce9ab992ee1af0dafd0c7871c.exe	28
PID 1940 wrote to memory of 1260	1940	0007d15ce9ab992ee1af0dafd0c7871c.exe	7
PID 1940 wrote to memory of 1260	1940	0007d15ce9ab992ee1af0dafd0c7871c.exe	7
PID 1940 wrote to memory of 1260	1940	0007d15ce9ab992ee1af0dafd0c7871c.exe	7
PID 1940 wrote to memory of 1260	1940	0007d15ce9ab992ee1af0dafd0c7871c.exe	7

memory/1260-10-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1260-14-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1368-1-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1368-5-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1940-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1940-7-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1940-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1940-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1940-13-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1940-25-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download