9a0ef3d807b53fea12ec2f83cac40535db99089d957bc66586f0d73d6ca41f24

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 05:02

Target

gusanitocompostalesvermipostalref07112012.exe
Size

92KB
MD5

ff574e34e882f584f5842dc348ee708f
SHA1

284836bc5ed753c3db61c56965e8e89cf4b793d7
SHA256

1b22cbbe793c185a7d11a4b2e44845155899ae07a9047fda2205daf7f562f8bc
SHA512

13f739b9856d0c08c641f44df94164597cbe862de11a5ae60647f25ccee4d89b3456b55d7696c1e258b451ee4830ba0057f72f07f585572160bf8e1122953820
SSDEEP

1536:YVgpq4pJRzg/G/leeYVYosr018UdRsl5zgGYEV:YKBPjrI8UXag

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2008 set thread context of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2008	gusanitocompostalesvermipostalref07112012.exe
2816	gusanitocompostalesvermipostalref07112012.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28
PID 2008 wrote to memory of 2816	2008	gusanitocompostalesvermipostalref07112012.exe	28

C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe
"C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe
  "C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2816

memory/2816-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2816-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2816-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2816-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2816-12-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2816-17-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2816-18-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download