e33665fbb5bbec3acf4de00097290dad0acd2de65c083d45174667c07b3733db

Analysis

max time kernel
143s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 06:17

Target

10deefa00c9b2d9d8ea8ed8d53ff8997.exe
Size

436KB
MD5

10deefa00c9b2d9d8ea8ed8d53ff8997
SHA1

41a3157d9e04ee0f646563af002c1eadf2108daa
SHA256

e33665fbb5bbec3acf4de00097290dad0acd2de65c083d45174667c07b3733db
SHA512

25bae99f9444101facedd82b513425923c252a7251d6c41a5a272d6b1c3731838e1395f40788006df71b65344c2ab42976924574f249ae9250e4278512f86188
SSDEEP

384:Z2GpE3GtsFXjaKHfq4+RWMWYWcAI23H4WcNFyZZkC5cILhFYEF5YPCYWlvz9xcNX:Z2xGtsFza+Mqcmoq2shFYEFuPCt5L0X

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2728	2848	WerFault.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2028 wrote to memory of 2848	2028	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	28
PID 2848 wrote to memory of 2728	2848	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	29
PID 2848 wrote to memory of 2728	2848	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	29
PID 2848 wrote to memory of 2728	2848	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	29
PID 2848 wrote to memory of 2728	2848	10deefa00c9b2d9d8ea8ed8d53ff8997.exe	29

memory/2028-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2028-15-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2848-3-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-5-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-7-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-8-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2848-12-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-14-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/2848-16-0x0000000000400000-0x0000000000402400-memory.dmp

Filesize
9KB

Download