4ee062c957e19d0e91aa688502d570e9600fe95fc70e833051f36c0c9d5c97d3

Analysis

max time kernel
148s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:12

Target

27a86e5d62597cab67a8ffa85d7c6b52.exe
Size

88KB
MD5

27a86e5d62597cab67a8ffa85d7c6b52
SHA1

9041f2cb58805e9c78cf3202f1be36ba8001a423
SHA256

4ee062c957e19d0e91aa688502d570e9600fe95fc70e833051f36c0c9d5c97d3
SHA512

733fd90bfaba88f8c6c3f1f5240f770c1d390a269f361f1686cf8cb80be1be8b226e4f3ca328ce2b57fcc323ccad290dcc4e0d7bc80490a142d4b79a025ce3d9
SSDEEP

1536:nLyFyOIQejZpvizShu3NRE4E1keFnAogk4i5:YyOI7VpvizShu3NRw94E

Score

8^/10

Drops file in Drivers directory 1 IoCs

Processes:

27a86e5d62597cab67a8ffa85d7c6b52.exe

description ioc process

File opened for modification \??\c:\windows\system32\drivers\etc\hosts 27a86e5d62597cab67a8ffa85d7c6b52.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

27a86e5d62597cab67a8ffa85d7c6b52.exe

description pid process target process

PID 976 set thread context of 224 976 27a86e5d62597cab67a8ffa85d7c6b52.exe 27a86e5d62597cab67a8ffa85d7c6b52.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

27a86e5d62597cab67a8ffa85d7c6b52.exe27a86e5d62597cab67a8ffa85d7c6b52.exe

pid process

976 27a86e5d62597cab67a8ffa85d7c6b52.exe
224 27a86e5d62597cab67a8ffa85d7c6b52.exe

description	ioc	process
File opened for modification	\??\c:\windows\system32\drivers\etc\hosts	27a86e5d62597cab67a8ffa85d7c6b52.exe

description	pid	process	target process
PID 976 set thread context of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe

pid	process
976	27a86e5d62597cab67a8ffa85d7c6b52.exe
224	27a86e5d62597cab67a8ffa85d7c6b52.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

27a86e5d62597cab67a8ffa85d7c6b52.exe

description	pid	process	target process
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe
PID 976 wrote to memory of 224	976	27a86e5d62597cab67a8ffa85d7c6b52.exe	27a86e5d62597cab67a8ffa85d7c6b52.exe

memory/224-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/224-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/224-7-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/224-9-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download