c0af1d3171fc09a50db774c84d85ab5197a7f770372d2d93e4c54313816f0b7e

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:31

Target

751a48a12078e2c512af6014a53b630f.exe
Size

176KB
MD5

751a48a12078e2c512af6014a53b630f
SHA1

cb8e204bc8c7bfa8cb03881ce2acc124f543ca61
SHA256

c0af1d3171fc09a50db774c84d85ab5197a7f770372d2d93e4c54313816f0b7e
SHA512

18f2e2764950fe4e79d7a02f2aa8582dc3a7dc5eecf86ea391012c121d00e2f0b805383aadf9dcb1c3e5c68f6a1be26d3c92a784e7bfdcb827c12612b69d68c5
SSDEEP

768:lDSxf89x8dLQc9CcXdUT0VrvGoCxloLsyc9pOT0MhH9as0D91iWeTT:lqY8dLQ3loQX79MWrD91T0

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

751a48a12078e2c512af6014a53b630f.exe

description pid process target process

PID 2920 set thread context of 2152 2920 751a48a12078e2c512af6014a53b630f.exe 751a48a12078e2c512af6014a53b630f.EXE
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

751a48a12078e2c512af6014a53b630f.exe751a48a12078e2c512af6014a53b630f.EXE

pid process

2920 751a48a12078e2c512af6014a53b630f.exe
2152 751a48a12078e2c512af6014a53b630f.EXE

description	pid	process	target process
PID 2920 set thread context of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE

pid	process
2920	751a48a12078e2c512af6014a53b630f.exe
2152	751a48a12078e2c512af6014a53b630f.EXE

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

751a48a12078e2c512af6014a53b630f.exe

description	pid	process	target process
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE
PID 2920 wrote to memory of 2152	2920	751a48a12078e2c512af6014a53b630f.exe	751a48a12078e2c512af6014a53b630f.EXE

C:\Users\Admin\AppData\Local\Temp\751a48a12078e2c512af6014a53b630f.EXE
"C:\Users\Admin\AppData\Local\Temp\751a48a12078e2c512af6014a53b630f.EXE"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2152

memory/2152-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2152-4-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2152-7-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download