2f948b529500701e1cdd28c47653857ce7286115bb82badc435d05951557e0df

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 09:20

Target

96cfeb657752b5498ad4b47d142003a0.exe
Size

128KB
MD5

96cfeb657752b5498ad4b47d142003a0
SHA1

d343b7c9347271dbf03d68410004795e394f17c3
SHA256

2f948b529500701e1cdd28c47653857ce7286115bb82badc435d05951557e0df
SHA512

47b5a61a8124d41e50420a196b961f749314f7126f87b1b2acc2403400030702ee3fb6c83fdc2e19dd5051fb7ca41eef82f651659c7c2d374070d22deb16ad33
SSDEEP

3072:zjh/Bpt5y6wUSzgS7YiWCBq6Kpvu77GaXZtx:zjhHt5FZnS/WCQIPGah

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1028 set thread context of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 3132 set thread context of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85

Suspicious use of SetWindowsHookEx 3 IoCs

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 1028 wrote to memory of 3132	1028	96cfeb657752b5498ad4b47d142003a0.exe	84
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85
PID 3132 wrote to memory of 2540	3132	96cfeb657752b5498ad4b47d142003a0.exe	85

C:\Users\Admin\AppData\Local\Temp\ste.txt

Filesize
9B

MD5
d6e0d01fc906ca012cfc8f548235065e

SHA1
273745182fa83816421f3bc6c06fe3f76d78cd5a

SHA256
2a3234189880f976cc65a07c15acbd11bfa46eeac8e69030e1d87bd6a51a0a74

SHA512
1245034885171347d4c4fcfea877ce60ed0e6bbaf644e2d0d850a10c1e0e4d2ebddac69058c5fda85c2ca76f9454cb73de2109e70d94c5391c68400c8bc208ea

Download Submit
memory/2540-7-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2540-9-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2540-13-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3132-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3132-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3132-19-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download