e703be380b58e8d11c71ff13feda364a282aff36d18158a83cbfcf3661ffb384

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 05:06

Target

66c619c7b71ad03fd13feff8d853fb71.exe
Size

188KB
MD5

66c619c7b71ad03fd13feff8d853fb71
SHA1

71feae52fc4fab6195966c29883c5a4a7edc33ca
SHA256

e703be380b58e8d11c71ff13feda364a282aff36d18158a83cbfcf3661ffb384
SHA512

f8639d552544760c8fe65ea2496d5c3a54cf397997e2831476e6cee62cc4b297368cc6c51e8e85947c52a3976ee6325afe28ae9bfbad8c2848663f998fc5633f
SSDEEP

3072:S5gnSBllL2Nbl5jmutNPHZhJuT8r3dWmvEEF+GYu55xP2NJ0c7Qac9aLecWkorQD:CHBllLWbl5qutNHG8r8mM6+GYu57eccp

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2816 set thread context of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2816	66c619c7b71ad03fd13feff8d853fb71.exe
2884	66c619c7b71ad03fd13feff8d853fb71.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28
PID 2816 wrote to memory of 2884	2816	66c619c7b71ad03fd13feff8d853fb71.exe	28

C:\Users\Admin\AppData\Local\Temp\66c619c7b71ad03fd13feff8d853fb71.exe
"C:\Users\Admin\AppData\Local\Temp\66c619c7b71ad03fd13feff8d853fb71.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\66c619c7b71ad03fd13feff8d853fb71.exe
  "C:\Users\Admin\AppData\Local\Temp\66c619c7b71ad03fd13feff8d853fb71.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2884

memory/2816-0-0x0000000000400000-0x000000000040AB7C-memory.dmp

Filesize
42KB

Download
memory/2816-15-0x0000000000400000-0x000000000040AB7C-memory.dmp

Filesize
42KB

Download
memory/2816-13-0x00000000001C0000-0x00000000001CB000-memory.dmp

Filesize
44KB

Download
memory/2884-4-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-6-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2884-12-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-16-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-19-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2884-20-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download