9a0ef3d807b53fea12ec2f83cac40535db99089d957bc66586f0d73d6ca41f24

Analysis

max time kernel
100s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 05:02

Target

gusanitocompostalesvermipostalref07112012.exe
Size

92KB
MD5

ff574e34e882f584f5842dc348ee708f
SHA1

284836bc5ed753c3db61c56965e8e89cf4b793d7
SHA256

1b22cbbe793c185a7d11a4b2e44845155899ae07a9047fda2205daf7f562f8bc
SHA512

13f739b9856d0c08c641f44df94164597cbe862de11a5ae60647f25ccee4d89b3456b55d7696c1e258b451ee4830ba0057f72f07f585572160bf8e1122953820
SSDEEP

1536:YVgpq4pJRzg/G/leeYVYosr018UdRsl5zgGYEV:YKBPjrI8UXag

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1876 set thread context of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1876	gusanitocompostalesvermipostalref07112012.exe
484	gusanitocompostalesvermipostalref07112012.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90
PID 1876 wrote to memory of 484	1876	gusanitocompostalesvermipostalref07112012.exe	90

C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe
"C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1876
- C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe
  "C:\Users\Admin\AppData\Local\Temp\gusanitocompostalesvermipostalref07112012.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:484

memory/484-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/484-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/484-7-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download