d2703d4984113253a023ea8e2660ca1c6723eb72cbdc4c580763681ab8b89943

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 19:58

Target

c97d91ce9c43da6a4e1a04ca8b845412.exe
Size

68KB
MD5

c97d91ce9c43da6a4e1a04ca8b845412
SHA1

0057f53c82117d0266f5c7d0a2565c7bb5c01a79
SHA256

d2703d4984113253a023ea8e2660ca1c6723eb72cbdc4c580763681ab8b89943
SHA512

bff136b9e48e7701f865f3957333c53798df4a0131ee8b577f3451ebf439f7c5f2ff693554d40ca2c7df8b065e75410236c5a06cd5aeaa4080c23247d92647a7
SSDEEP

1536:zQVTRBX17T7WccEumEpkVvk/ER04FmBWp0D:zwVBX17H7cEunb/60rBWuD

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3140 set thread context of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3140	c97d91ce9c43da6a4e1a04ca8b845412.exe
3560	c97d91ce9c43da6a4e1a04ca8b845412.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89
PID 3140 wrote to memory of 3560	3140	c97d91ce9c43da6a4e1a04ca8b845412.exe	89

C:\Users\Admin\AppData\Local\Temp\c97d91ce9c43da6a4e1a04ca8b845412.exe
"C:\Users\Admin\AppData\Local\Temp\c97d91ce9c43da6a4e1a04ca8b845412.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Users\Admin\AppData\Local\Temp\c97d91ce9c43da6a4e1a04ca8b845412.exe
  "C:\Users\Admin\AppData\Local\Temp\c97d91ce9c43da6a4e1a04ca8b845412.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3560

memory/3560-3-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3560-5-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3560-8-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3560-10-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download