f3530763062438ad19fad3a5397d85a59fe61069f0c4aa7a8336e578240f4397

Analysis

max time kernel
4s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 23:15

Target

1fae26a5c8aac3ac2adb00f94ae00bfd.exe
Size

5.8MB
MD5

1fae26a5c8aac3ac2adb00f94ae00bfd
SHA1

25b85bf87e0941087e61a16ee1713727523a3075
SHA256

f3530763062438ad19fad3a5397d85a59fe61069f0c4aa7a8336e578240f4397
SHA512

13d9f77247946f7309ac6fd1fca6cab024797bbd068c2800a08b5b515e56123b34ac09b1f264f8a2ffefd0785e89d67a7cf185819b42f41809e643f457867110
SSDEEP

49152:bzeo6U+YJJbce5QSb0wtxmH7aCDoD1rTrWvKYgbsT4AvCB7Jcyq/FBGS26iK+V5F:bzeoDRJ/WoD1rH1/nlpsuaZXK6u

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 884 set thread context of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1508	1fae26a5c8aac3ac2adb00f94ae00bfd.exe
1508	1fae26a5c8aac3ac2adb00f94ae00bfd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1508	1fae26a5c8aac3ac2adb00f94ae00bfd.exe
1508	1fae26a5c8aac3ac2adb00f94ae00bfd.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91
PID 884 wrote to memory of 1508	884	1fae26a5c8aac3ac2adb00f94ae00bfd.exe	91

memory/884-0-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/884-6-0x0000000000400000-0x00000000009CC000-memory.dmp

Filesize
5.8MB

Download
memory/1508-1-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-4-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-5-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-7-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download
memory/1508-2-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-8-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-9-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-10-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/1508-12-0x0000000000E00000-0x0000000000E01000-memory.dmp

Filesize
4KB

Download