d5ed3cff6afee8e2dd1bb488b7555d1fda964c0090843ca0e36df227f17c6d96

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2024, 18:39

Target

6350a55e0fd0639330290a532578850c.exe
Size

30KB
MD5

6350a55e0fd0639330290a532578850c
SHA1

83531a087260dcba3cdcf205793427b24fdafcb7
SHA256

d5ed3cff6afee8e2dd1bb488b7555d1fda964c0090843ca0e36df227f17c6d96
SHA512

f930d70ebfd6f442003e5cb668467a7572402e4b5c4065c02a1deafd167261fcd2bb69b2cc8d47d6af9fb0b83773c80948c33af63619f4ae595748c904081c32
SSDEEP

768:DLOM/0mEl5PhbiktxtuLGRVDna6be+Lp6JzJ:DLF/El5p+AuLJmgJ

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
344	tmp.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
840	6350a55e0fd0639330290a532578850c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 344	840	6350a55e0fd0639330290a532578850c.exe	89
PID 840 wrote to memory of 344	840	6350a55e0fd0639330290a532578850c.exe	89
PID 840 wrote to memory of 344	840	6350a55e0fd0639330290a532578850c.exe	89

C:\Users\Admin\AppData\Local\Temp\6350a55e0fd0639330290a532578850c.exe
"C:\Users\Admin\AppData\Local\Temp\6350a55e0fd0639330290a532578850c.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840
- C:\Users\Admin\AppData\Local\Temp\tmp.exe
  C:\Users\Admin\AppData\Local\Temp\tmp.exe
  2⤵
  - Executes dropped EXE
  PID:344

C:\Users\Admin\AppData\Local\Temp\tmp.exe

Filesize
6KB

MD5
c920288270d2738861e3903fde191bde

SHA1
674cb062ba1f0109e7b0a042f396c80647309b11

SHA256
6e44d72104408d8e03009ed014b2dc73542f7d3fefd9f60551bb452446e512d0

SHA512
282a7ce175b84d6a1ebc4834505909a53be19a4e32d4c68e35b239eb6331478f4ddb77936d45960e8fe084af30b3b4be042ea0122096b59f8589e54315a2b32a

Download Submit
memory/344-6-0x0000000000400000-0x0000000000401800-memory.dmp

Filesize
6KB

Download