078b965071b82f2cf93375f8a7174b59bb3a26f8ab85572facc612b9cb34185e

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 03:12

Target

ba5edbc89d0b7ab519c57475d8b93291.exe
Size

79KB
MD5

ba5edbc89d0b7ab519c57475d8b93291
SHA1

d48642d2c9668f34a0a89b0197ff423b5619f54b
SHA256

078b965071b82f2cf93375f8a7174b59bb3a26f8ab85572facc612b9cb34185e
SHA512

5afdc8d479fe2da6fb696e46272969cc9461596cf85be9a3e7879a2baf52cc5777791dec2f05ae407a85f4aeb62996f5a3c47d7a7ea7c5c42a6396b2c4074bdd
SSDEEP

1536:pxiZVe8LdkAOp8GX6/ySqqqfN0la6k4njvLLu41GIWD00+m:pxiZVe8LdkBp8uSNoiI6RXNWDQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1244 set thread context of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1244	ba5edbc89d0b7ab519c57475d8b93291.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28
PID 1244 wrote to memory of 2792	1244	ba5edbc89d0b7ab519c57475d8b93291.exe	28

C:\Users\Admin\AppData\Local\Temp\ba5edbc89d0b7ab519c57475d8b93291.exe
"C:\Users\Admin\AppData\Local\Temp\ba5edbc89d0b7ab519c57475d8b93291.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Users\Admin\AppData\Local\Temp\ba5edbc89d0b7ab519c57475d8b93291.exe
  "C:\Users\Admin\AppData\Local\Temp\ba5edbc89d0b7ab519c57475d8b93291.exe"
  2⤵
  PID:2792

memory/1244-1-0x0000000000020000-0x0000000000023000-memory.dmp

Filesize
12KB

Download
memory/1244-0-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/1244-10-0x0000000000400000-0x0000000000468000-memory.dmp

Filesize
416KB

Download
memory/2792-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2792-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2792-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2792-11-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2792-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2792-13-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2792-14-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/2792-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download