9605d8d85727e9f182789c208ec97d82e07dae94228d5741d0f1e35c4d94b4e3

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 01:48

Target

3f96863bb36a4ab7f2a7f52b8c2d673f.exe
Size

140KB
MD5

3f96863bb36a4ab7f2a7f52b8c2d673f
SHA1

1411e45b62d03178e8f652c8ef4a95d5254b0046
SHA256

9605d8d85727e9f182789c208ec97d82e07dae94228d5741d0f1e35c4d94b4e3
SHA512

028b3852fd2b8d23975dcb92f58443a5e574cfaa6d6a677c0121582709098d1133f140d2187384408642fc4e7d51efbf916d90abfd42015f3f03647deffbfe7b
SSDEEP

3072:D+jf387gCyzROwYox9r98hS5a39OGgMQ0EH1m1BF:DqegCEROwTo9/g1/AZ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2360 set thread context of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe
1580	3f96863bb36a4ab7f2a7f52b8c2d673f.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14
PID 2360 wrote to memory of 1580	2360	3f96863bb36a4ab7f2a7f52b8c2d673f.exe	14

C:\Users\Admin\AppData\Local\Temp\3f96863bb36a4ab7f2a7f52b8c2d673f.exe
"C:\Users\Admin\AppData\Local\Temp\3f96863bb36a4ab7f2a7f52b8c2d673f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\3f96863bb36a4ab7f2a7f52b8c2d673f.exe
  C:\Users\Admin\AppData\Local\Temp\3f96863bb36a4ab7f2a7f52b8c2d673f.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1580

memory/1580-7-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-21-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-18-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-15-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1580-9-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-5-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1580-23-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2360-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2360-1-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2360-17-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2360-4-0x00000000003B0000-0x00000000003ED000-memory.dmp

Filesize
244KB

Download