bb3f788e84856d44c8cb984064ee00d2e7fe78c53d9a53b8b3284e981b73a8a7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:39

Target

74fcf987ce612e29e97ed47605095221.exe
Size

79KB
MD5

74fcf987ce612e29e97ed47605095221
SHA1

7f3d36201b005d9502b7766e095185d312f28d88
SHA256

bb3f788e84856d44c8cb984064ee00d2e7fe78c53d9a53b8b3284e981b73a8a7
SHA512

4766d255955682bf65da63e7cc9a6174dd48855abe6afa6a933eaa0c9642f165e4ec588f14c6f16592c9c9206d5adee5f62ffae7fa397b7b17719392a66ee286
SSDEEP

1536:1ohT+6HroN6WrRr1KA2kivGDHdDHnvraiMlsrtes:uSScsCyu5DHvrKS5

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

74fcf987ce612e29e97ed47605095221.exe

description pid process target process

PID 2200 set thread context of 2208 2200 74fcf987ce612e29e97ed47605095221.exe 74fcf987ce612e29e97ed47605095221.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

74fcf987ce612e29e97ed47605095221.exe74fcf987ce612e29e97ed47605095221.exe

pid process

2200 74fcf987ce612e29e97ed47605095221.exe
2208 74fcf987ce612e29e97ed47605095221.exe
2208 74fcf987ce612e29e97ed47605095221.exe

description	pid	process	target process
PID 2200 set thread context of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

74fcf987ce612e29e97ed47605095221.exe

description	pid	process	target process
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe
PID 2200 wrote to memory of 2208	2200	74fcf987ce612e29e97ed47605095221.exe	74fcf987ce612e29e97ed47605095221.exe

C:\Users\Admin\AppData\Local\Temp\74fcf987ce612e29e97ed47605095221.exe
"C:\Users\Admin\AppData\Local\Temp\74fcf987ce612e29e97ed47605095221.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\74fcf987ce612e29e97ed47605095221.exe
  "C:\Users\Admin\AppData\Local\Temp\74fcf987ce612e29e97ed47605095221.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2208

memory/2208-2-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2208-4-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2208-7-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download
memory/2208-8-0x0000000000400000-0x000000000040D000-memory.dmp

Filesize
52KB

Download