6c051434a0d236800599c48b34e9cdd5577daac30fa0e4c53cdf86e50cf2326b

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 05:37

Target

482b4e2aeaffaaabce67260d81a5d432.exe
Size

260KB
MD5

482b4e2aeaffaaabce67260d81a5d432
SHA1

01954419b9b377819b15f203fff89d81c2035084
SHA256

6c051434a0d236800599c48b34e9cdd5577daac30fa0e4c53cdf86e50cf2326b
SHA512

ae105c5df57910705491ee413c4d6b18c8c77f0374aa0a520a948e7c82b32d4930a56a62c169680ebc1b0d07952d59b328ee2d08cff6369bf9c82e5c3cf8e42e
SSDEEP

3072:Fmr+otohYkQr0jeLwJr95lJoyc6V1kypdxPUohYkQr0jxLwJr95rJozLQ4f9:FWYYQqLwhHlWyRDxBYQ9LwhHrW44l

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2784 set thread context of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2784	482b4e2aeaffaaabce67260d81a5d432.exe
2932	482b4e2aeaffaaabce67260d81a5d432.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16
PID 2784 wrote to memory of 2932	2784	482b4e2aeaffaaabce67260d81a5d432.exe	16

C:\Users\Admin\AppData\Local\Temp\482b4e2aeaffaaabce67260d81a5d432.exe
"C:\Users\Admin\AppData\Local\Temp\482b4e2aeaffaaabce67260d81a5d432.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\482b4e2aeaffaaabce67260d81a5d432.exe
  C:\Users\Admin\AppData\Local\Temp\482b4e2aeaffaaabce67260d81a5d432.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2932

memory/2932-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2932-7-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2932-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download