6ffdfd51b25546e1001ddf010137ba3f75ecc3a3ae368c3b6b476a6da70df5b2

Analysis

max time kernel
139s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 14:51

Target

c8e42d305824cc1836cd709508c34c1f.exe
Size

912KB
MD5

c8e42d305824cc1836cd709508c34c1f
SHA1

30a58b7ee26bdc904ee8611f5fdd9c1faa87ba72
SHA256

6ffdfd51b25546e1001ddf010137ba3f75ecc3a3ae368c3b6b476a6da70df5b2
SHA512

80e3fa47bfb9dda53e32ec0fbd93a11e72608a267fbb2f0f9c7e5c042253465caba3ed39bfc21e358b81d9927aa58cc4e2aa0b5d63e3f51e26db88dbaf5296a1
SSDEEP

24576:449S1K9VKKRe813Ov9VK4+5u5d525P5m5y5h5N5+5r5YZso3:4WSgVKKReKgK4QA7IB48XrQ12j3

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3052	c8e42d305824cc1836cd709508c34c1f.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3052	c8e42d305824cc1836cd709508c34c1f.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3052	c8e42d305824cc1836cd709508c34c1f.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28
PID 3052 wrote to memory of 2572	3052	c8e42d305824cc1836cd709508c34c1f.exe	28

C:\Users\Admin\AppData\Local\Temp\c8e42d305824cc1836cd709508c34c1f.exe
"C:\Users\Admin\AppData\Local\Temp\c8e42d305824cc1836cd709508c34c1f.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /u /s ShHitBHO.dll
  2⤵
  PID:2572

memory/3052-0-0x0000000000400000-0x0000000000680000-memory.dmp

Filesize
2.5MB

Download
memory/3052-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3052-2-0x0000000000400000-0x0000000000680000-memory.dmp

Filesize
2.5MB

Download
memory/3052-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3052-4-0x0000000000400000-0x0000000000680000-memory.dmp

Filesize
2.5MB

Download
memory/3052-5-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download