4d592caccd01097d67c85d1f51d0457aaada3252713b3441914c4831bfc82f92

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 09:09

Target

560c1636b807ecf99ee2c61c5cb4dd8c.exe
Size

56KB
MD5

560c1636b807ecf99ee2c61c5cb4dd8c
SHA1

7152645c509c0ec249fe305a92fa5fe48b2d869f
SHA256

4d592caccd01097d67c85d1f51d0457aaada3252713b3441914c4831bfc82f92
SHA512

7069d73b7ec46238f96a2dfd29f4521fc48242ff1c6cffe865737de01c53bf01a0a5030a2c39512e8ac0511e3e045f6bc268aba15e48ec8f86d3437b776c638e
SSDEEP

384:3SHLAC/oY06SKOIn6JZ79ppxmZT0M6/NrCBaZaslUntj:iHLAIoirn6D9dSxacFtj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3032 set thread context of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe
1956	560c1636b807ecf99ee2c61c5cb4dd8c.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28
PID 3032 wrote to memory of 1956	3032	560c1636b807ecf99ee2c61c5cb4dd8c.exe	28

C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe
"C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe
  "C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1956

memory/1956-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1956-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1956-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1956-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download