7410668fa18c8cee23c14b28e2b562dfff02940d03b3f38dd7155c29ca2e2fc5

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 23:46

Target

8ad71435f04e9259c8e1f704c1678a5e.exe
Size

45KB
MD5

8ad71435f04e9259c8e1f704c1678a5e
SHA1

be14fb26aaa3b1f49fa9c7bd973753c49efd73a6
SHA256

7410668fa18c8cee23c14b28e2b562dfff02940d03b3f38dd7155c29ca2e2fc5
SHA512

e81507e74051a56d2fc29a0e5b86ce74310ca9a5a40918e6187e24405d9a6f0dcbdfc77a2962754fcce41ff9555a6b7e7f179ae3d780fc9c3f597769f2e9b4ad
SSDEEP

768:ryYVE+sIYv7xezYJctfo1VoTg+ZKp1U6XDF93AIU2J+5X6GCPqhXs7Ulf7DRZg:ryY+dVv7xbJctKoTc1rD220RtCPq7JW

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1728 set thread context of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	8ad71435f04e9259c8e1f704c1678a5e.exe
1864	8ad71435f04e9259c8e1f704c1678a5e.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1728	8ad71435f04e9259c8e1f704c1678a5e.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1728 wrote to memory of 1864	1728	8ad71435f04e9259c8e1f704c1678a5e.exe	28
PID 1864 wrote to memory of 1140	1864	8ad71435f04e9259c8e1f704c1678a5e.exe	1
PID 1864 wrote to memory of 1140	1864	8ad71435f04e9259c8e1f704c1678a5e.exe	1
PID 1864 wrote to memory of 1140	1864	8ad71435f04e9259c8e1f704c1678a5e.exe	1
PID 1864 wrote to memory of 1140	1864	8ad71435f04e9259c8e1f704c1678a5e.exe	1

memory/1140-8-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1140-12-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1728-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1728-6-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1864-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1864-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1864-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1864-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1864-21-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download