9f569d5502c9ce76242cc3fc4df296da8c5d37e97368582a4ff4be179359532d

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 06:48

Target

d577f9b495a072fd46be36e3d86a717d.exe
Size

359KB
MD5

d577f9b495a072fd46be36e3d86a717d
SHA1

f4721946ff61e0bb99d13c8c4c1c2c56fca64f7b
SHA256

9f569d5502c9ce76242cc3fc4df296da8c5d37e97368582a4ff4be179359532d
SHA512

bb889617332d31833e80becfa2649f7661c17ce7546c89468ec6b7d1401e8414897850cda9d40de7b489665e84e0312f09be6fb1a5be68af47c41b09e3ea4f88
SSDEEP

6144:NBP59nRl/9DpZf6+wAIUvqkeIzo2tBSW8+wtWhxewi4AX7ppyBu/w3mm71MIeE:/P5lRDpZf6xAVLeIsYBSWQMxe5pjyBuO

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 996 set thread context of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 4952 set thread context of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
996	d577f9b495a072fd46be36e3d86a717d.exe
4952	d577f9b495a072fd46be36e3d86a717d.exe

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 996 wrote to memory of 4952	996	d577f9b495a072fd46be36e3d86a717d.exe	97
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98
PID 4952 wrote to memory of 1684	4952	d577f9b495a072fd46be36e3d86a717d.exe	98

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4592

memory/996-1-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/996-11-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/996-0-0x0000000000400000-0x000000000055F000-memory.dmp

Filesize
1.4MB

Download
memory/1684-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1684-23-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/1684-21-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/1684-19-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1684-17-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1684-15-0x0000000000400000-0x00000000004083A0-memory.dmp

Filesize
32KB

Download
memory/4952-7-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-10-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-9-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-20-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-8-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-6-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/4952-4-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download