d03936d39a6d7da6d88d2f01adb4da3280ef1454a32c6bb0d978fe24b40ec535

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 05:07

Target

73cfc2c91d2808f32b8283717dceeb00.exe
Size

80KB
MD5

73cfc2c91d2808f32b8283717dceeb00
SHA1

60ba6b63b986e184ab4fb4263648ecb67cb613bf
SHA256

d03936d39a6d7da6d88d2f01adb4da3280ef1454a32c6bb0d978fe24b40ec535
SHA512

5de0c1c80831a4dc685d603e6b1a2dce40aee88ff29074c8f608335714318dc1ac50aaf9327f33dd38fecc17ac40289bb9d95f59bbeb256b1958cfa01c1517fb
SSDEEP

1536:BvBWn1ky6/UEAuciCQAAtF2EGEvt9f2ATgD7t61f6i1:U1k5UL3ijFDvt9f2ATgDZ61R1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2028	73cfc2c91d2808f32b8283717dceeb00.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28
PID 2028 wrote to memory of 2216	2028	73cfc2c91d2808f32b8283717dceeb00.exe	28

C:\Users\Admin\AppData\Local\Temp\73cfc2c91d2808f32b8283717dceeb00.exe
"C:\Users\Admin\AppData\Local\Temp\73cfc2c91d2808f32b8283717dceeb00.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\73cfc2c91d2808f32b8283717dceeb00.exe
  C:\Users\Admin\AppData\Local\Temp\73cfc2c91d2808f32b8283717dceeb00
  2⤵
  PID:2216

memory/2216-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2216-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2216-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download