66e214dc1be37b684a7c4bc4019ccc969276d4a9bbb33f178da1e4be0025aa5d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 20:14

Target

3dc7c6be3f52b0085d638cf697cbf5a8.exe
Size

36KB
MD5

3dc7c6be3f52b0085d638cf697cbf5a8
SHA1

d8dd2bceb212c3aa0705a299c68e00bee0a90386
SHA256

66e214dc1be37b684a7c4bc4019ccc969276d4a9bbb33f178da1e4be0025aa5d
SHA512

0e81cb930c16aa1e48ea0d6aa42f8eb665862490cada07ef8e7e9ef481de1efc7da44ccc2dbc03a243a1e6829e23757c2aad4536768bd2d1d2ed0425e2054d4c
SSDEEP

768:BLlqpWmqNebg3lMXHPJgSrOP5UcEOwYYd/N/h0mlFZVQrjWK:xlqpWmIebIlM3PWS8U6uZ00Qr

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2392 set thread context of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20
PID 2392 wrote to memory of 2000	2392	3dc7c6be3f52b0085d638cf697cbf5a8.exe	20

C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe
"C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe
  "C:\Users\Admin\AppData\Local\Temp\3dc7c6be3f52b0085d638cf697cbf5a8.exe"
  2⤵
  PID:2000

memory/2000-11-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2000-18-0x0000000000400000-0x0000000000403200-memory.dmp

Filesize
12KB

Download
memory/2000-16-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2000-15-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2000-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2000-9-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2000-6-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2000-4-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2392-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2392-19-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2392-7-0x0000000000490000-0x000000000049C000-memory.dmp

Filesize
48KB

Download