7d997db5d1181928e0c205da6fcf29c7a45b9d02b396a07ee576377d3d4c3fdb

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 16:05

Target

c90965f144532eb5ff053c4035466dc0.exe
Size

59KB
MD5

c90965f144532eb5ff053c4035466dc0
SHA1

03e80a9da5fef3342bc8337af74dee80657a5d5a
SHA256

7d997db5d1181928e0c205da6fcf29c7a45b9d02b396a07ee576377d3d4c3fdb
SHA512

97e9a80b2eb1b3bf453a8a084374abfb565eb8103f8b21e287561d89ea20442dfdcc9eb0b2894c5ba01b01a8e06daad1c211be7aa791b23b4537428d433a4b91
SSDEEP

768:44ph8YBEw7yZKmpmqqB69fKInA4HG7P/iyydiJyJpKipjCNlZHgtgquV:vpuYDyZFmvBsjPG7PaSUjK1UiV

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1328 set thread context of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1328	c90965f144532eb5ff053c4035466dc0.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 1328 wrote to memory of 5080	1328	c90965f144532eb5ff053c4035466dc0.exe	97
PID 5080 wrote to memory of 3364	5080	c90965f144532eb5ff053c4035466dc0.exe	57
PID 5080 wrote to memory of 3364	5080	c90965f144532eb5ff053c4035466dc0.exe	57
PID 5080 wrote to memory of 3364	5080	c90965f144532eb5ff053c4035466dc0.exe	57
PID 5080 wrote to memory of 3364	5080	c90965f144532eb5ff053c4035466dc0.exe	57

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1312 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
1⤵
PID:4672

memory/3364-10-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/3364-11-0x000000007FFD0000-0x000000007FFD1000-memory.dmp

Filesize
4KB

Download
memory/5080-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5080-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5080-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5080-7-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5080-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5080-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/5080-15-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/5080-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download