b6a6ce960aed83c5f571e64bc1a625ff4df072bc45f6f39e47c8e7685ca228df

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 01:08

Target

c4948557f8d6edbc6408df3bf1309f4d.exe
Size

21KB
MD5

c4948557f8d6edbc6408df3bf1309f4d
SHA1

8d448e5a7c5aba3de260ea9c301fc9943cd5e132
SHA256

b6a6ce960aed83c5f571e64bc1a625ff4df072bc45f6f39e47c8e7685ca228df
SHA512

31c859230dbf686bd2adca3183f3278ebd650e4ca6ab279abcb6e1f84efb079a6b605cf1e43fba8e353c5ed623b70935740db3401c05e486eee238c48a3e7f56
SSDEEP

192:bQbC86d6IxkzACICF3eSNr71oynN5WwPlR1rwUxUwPEtVBq7aGZYUEevrLS:bQ89CIBSN/1jMw7ZwUzsrg7lZvR

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3000 set thread context of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2352	c4948557f8d6edbc6408df3bf1309f4d.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28
PID 3000 wrote to memory of 2352	3000	c4948557f8d6edbc6408df3bf1309f4d.exe	28

C:\Users\Admin\AppData\Local\Temp\c4948557f8d6edbc6408df3bf1309f4d.exe
"C:\Users\Admin\AppData\Local\Temp\c4948557f8d6edbc6408df3bf1309f4d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\c4948557f8d6edbc6408df3bf1309f4d.exe
  "C:\Users\Admin\AppData\Local\Temp\c4948557f8d6edbc6408df3bf1309f4d.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2352

memory/2352-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-6-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2352-10-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-12-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/2352-15-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download