7a422de8dd160ad4a9a581c7c153159e5bb292a72ad1079b7d9a25b01ae9d2a7

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 07:04

Target

8bb472397c62780314c21caca9e3e833.exe
Size

144KB
MD5

8bb472397c62780314c21caca9e3e833
SHA1

29172fd8895e800aff01f5b5dca4738e3e750f88
SHA256

7a422de8dd160ad4a9a581c7c153159e5bb292a72ad1079b7d9a25b01ae9d2a7
SHA512

44d6ed0ec6f01431aca90ddceaff5318de8f7a45dadcadbbae7b98e2decdf338d3dff66799aadaa9f9dd1c6a19e584e2fcf78f3c864543086f64827327811c25
SSDEEP

3072:h5PDyUGll2gb3B02hyNK7D6zdw3+P+kdMTpd1j:I1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2220	8bb472397c62780314c21caca9e3e833.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28
PID 2220 wrote to memory of 1968	2220	8bb472397c62780314c21caca9e3e833.exe	28

C:\Users\Admin\AppData\Local\Temp\8bb472397c62780314c21caca9e3e833.exe
"C:\Users\Admin\AppData\Local\Temp\8bb472397c62780314c21caca9e3e833.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\8bb472397c62780314c21caca9e3e833.exe
  C:\Users\Admin\AppData\Local\Temp\8bb472397c62780314c21caca9e3e833.exe
  2⤵
  PID:1968

memory/1968-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-5-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1968-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1968-7-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download