98ce6e98870d353486eb61fff8a58e4c31ac9add4f431c06ea528c295a8e2178

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 07:59

Target

45b31ca52bcb95d837ee0a5ea35692ff.exe
Size

158KB
MD5

45b31ca52bcb95d837ee0a5ea35692ff
SHA1

ca63b715c56ae357a72cd34b711249c118d0e7e4
SHA256

98ce6e98870d353486eb61fff8a58e4c31ac9add4f431c06ea528c295a8e2178
SHA512

930baa503e9076c052cad319da8220bb8597ef878b8a0f964a29a7feceb2dccaa6f40dc3be439e396503f701b98a2d46696315c51a5513144b6a2702784506e5
SSDEEP

3072:Dnjh77kmEF7MF7x4MOjuq036peklnHnmi/GDJIjGd72eHih3NeKNsQhaYq:DJ7klSFtUNcktf/GDuy24Y3NeIJ8P

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3036 set thread context of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3036	45b31ca52bcb95d837ee0a5ea35692ff.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28
PID 3036 wrote to memory of 2928	3036	45b31ca52bcb95d837ee0a5ea35692ff.exe	28

C:\Users\Admin\AppData\Local\Temp\45b31ca52bcb95d837ee0a5ea35692ff.exe
"C:\Users\Admin\AppData\Local\Temp\45b31ca52bcb95d837ee0a5ea35692ff.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\45b31ca52bcb95d837ee0a5ea35692ff.exe
  "C:\Users\Admin\AppData\Local\Temp\45b31ca52bcb95d837ee0a5ea35692ff.exe"
  2⤵
  PID:2928

memory/2928-3-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-5-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-7-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-9-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2928-13-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-14-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2928-16-0x0000000000400000-0x000000000041F800-memory.dmp

Filesize
126KB

Download