d2737d2e3eb538f4a108472b8fc027768c9d41118fa12022667e4e0059d5a982

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 03:23

Target

f98f605e3c786e01e8d7f17461e8612e.exe
Size

308KB
MD5

f98f605e3c786e01e8d7f17461e8612e
SHA1

d8bcf3d88dd4a14d13865e0b5322016dcec7dc2d
SHA256

d2737d2e3eb538f4a108472b8fc027768c9d41118fa12022667e4e0059d5a982
SHA512

e159813e6f262c9b70cfb268f0db8541f71c54b6a94c0be591021cc61fd948855f24a7bdb75e9a075ef0be6991cf7b541190ba4d548af4b87a38f095bf51c086
SSDEEP

3072:lxUm75Fku3eKeJk21ZSJReOqlz+mErj+HyHnNVIPL/+ybbiGF+1u46Q7q303lU8O:fU8DkpP1oJ1qlzUWUNVIT/bbbIW09R

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3956	structures.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\several\structures.exe	f98f605e3c786e01e8d7f17461e8612e.exe
File opened for modification	C:\Program Files\several\structures.exe	f98f605e3c786e01e8d7f17461e8612e.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 3956	4800	f98f605e3c786e01e8d7f17461e8612e.exe	88
PID 4800 wrote to memory of 3956	4800	f98f605e3c786e01e8d7f17461e8612e.exe	88
PID 4800 wrote to memory of 3956	4800	f98f605e3c786e01e8d7f17461e8612e.exe	88

C:\Program Files\several\structures.exe

Filesize
308KB

MD5
248886c42d6a445a3358e97e4ab3ab9b

SHA1
9ae4b42f1331accbcb39aaa6bcdd3aba7115c38f

SHA256
a6af0aedc914a69809b59549e5434690d72264d547788e456f5b1219ed9c8f73

SHA512
73d29a9ca198d817844fbeb270c79149bb31d6f3ff0140a61e91864303b1a027b8231e7555138719555f3b87e48a7d025fef3794c667932e71f2bc2d1e13e234

Download Submit