4d592caccd01097d67c85d1f51d0457aaada3252713b3441914c4831bfc82f92

Analysis

max time kernel
141s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 09:09

Target

560c1636b807ecf99ee2c61c5cb4dd8c.exe
Size

56KB
MD5

560c1636b807ecf99ee2c61c5cb4dd8c
SHA1

7152645c509c0ec249fe305a92fa5fe48b2d869f
SHA256

4d592caccd01097d67c85d1f51d0457aaada3252713b3441914c4831bfc82f92
SHA512

7069d73b7ec46238f96a2dfd29f4521fc48242ff1c6cffe865737de01c53bf01a0a5030a2c39512e8ac0511e3e045f6bc268aba15e48ec8f86d3437b776c638e
SSDEEP

384:3SHLAC/oY06SKOIn6JZ79ppxmZT0M6/NrCBaZaslUntj:iHLAIoirn6D9dSxacFtj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1040 set thread context of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe
1564	560c1636b807ecf99ee2c61c5cb4dd8c.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17
PID 1040 wrote to memory of 1564	1040	560c1636b807ecf99ee2c61c5cb4dd8c.exe	17

C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe
"C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe
  "C:\Users\Admin\AppData\Local\Temp\560c1636b807ecf99ee2c61c5cb4dd8c.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1564

memory/1564-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1564-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1564-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download