ca810022e39a38ea6e286df1759948aa2eee697a7dc0491f4b3bb7dd8b1a37e3

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 16:57

Target

cbf0a35233b79bc16150ded183e6c6a6.exe
Size

188KB
MD5

cbf0a35233b79bc16150ded183e6c6a6
SHA1

524853bd462adaf9963317024373fb2cb5934d20
SHA256

ca810022e39a38ea6e286df1759948aa2eee697a7dc0491f4b3bb7dd8b1a37e3
SHA512

40fe2957d7892e6339cda984a481eb563e4ae6ca6318a7bd1ca83ccce6328465ed5ebabb3b9d1c29c73f0765ac5fbf71e67c07eee53988bbb3d1256df0d07f7e
SSDEEP

3072:j6EUP0Fx0k4MWJjFalEadPFO0c6p86SMiRL33eGxwMuWw5Bvs6:jo3Rs/b

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1252 set thread context of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1116	cbf0a35233b79bc16150ded183e6c6a6.exe
1116	cbf0a35233b79bc16150ded183e6c6a6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1252	cbf0a35233b79bc16150ded183e6c6a6.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1252 wrote to memory of 1116	1252	cbf0a35233b79bc16150ded183e6c6a6.exe	28
PID 1116 wrote to memory of 1392	1116	cbf0a35233b79bc16150ded183e6c6a6.exe	21
PID 1116 wrote to memory of 1392	1116	cbf0a35233b79bc16150ded183e6c6a6.exe	21
PID 1116 wrote to memory of 1392	1116	cbf0a35233b79bc16150ded183e6c6a6.exe	21
PID 1116 wrote to memory of 1392	1116	cbf0a35233b79bc16150ded183e6c6a6.exe	21

memory/1116-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1116-5-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1116-6-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1116-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1116-7-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1116-21-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1116-22-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1392-8-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1392-11-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download