9f9cafc677683550ff5523bb8e6ce665e13f2f9d7f739c29bd9f535196c59750

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 17:02

Target

c66a022c49b31dd7b28aa44a713cc9b2.exe
Size

205KB
MD5

c66a022c49b31dd7b28aa44a713cc9b2
SHA1

23b96f1a49577677ec1a2003bb20549422ae8f73
SHA256

9f9cafc677683550ff5523bb8e6ce665e13f2f9d7f739c29bd9f535196c59750
SHA512

46e62921f86d3e7413f7e63e6ef2d98fd757ec57ef1d011ec6ff7bdac22c425d37d154a2a95f7a4453101adb737d08763123478679a8d9bd7028b6ccbee5e76a
SSDEEP

1536:fQ+v5YfQudoHC5s4dhU+pnMcYW/Usy7uh2UKYq1dDhdsMbTMGwhiSUfhQd5AWBrW:fNvO4udoGfU+26AFXdt9TMpuQd5AWB6

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1044 set thread context of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1044	c66a022c49b31dd7b28aa44a713cc9b2.exe

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91
PID 1044 wrote to memory of 4092	1044	c66a022c49b31dd7b28aa44a713cc9b2.exe	91

C:\Users\Admin\AppData\Local\Temp\c66a022c49b31dd7b28aa44a713cc9b2.exe
"C:\Users\Admin\AppData\Local\Temp\c66a022c49b31dd7b28aa44a713cc9b2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\c66a022c49b31dd7b28aa44a713cc9b2.exe
  "C:\Users\Admin\AppData\Local\Temp\c66a022c49b31dd7b28aa44a713cc9b2.exe"
  2⤵
  PID:4092

memory/4092-2-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4092-3-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4092-4-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4092-5-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4092-6-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download