2d7fa8aaa8464fa8e33585a2ab47cfeddbdf2822baefb7cca61d33617879ee51

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 13:34

Target

d63d39701226a35e27f8c660ef5d8edf.exe
Size

208KB
MD5

d63d39701226a35e27f8c660ef5d8edf
SHA1

c3533a33e888e9aff1ee976c5c6a6b782146a0f3
SHA256

2d7fa8aaa8464fa8e33585a2ab47cfeddbdf2822baefb7cca61d33617879ee51
SHA512

6841c7f951ca2e09dd8108f94d18bdb5bca9e55a273c019c89e4feff48013bf8d1fd5e3fb2518e3e8f3325f6bd8108b7d7d5f24e1ab8759d764406511a8059f9
SSDEEP

3072:5qwCsowFS0bPwJa3rYtD6QaL0qixPbnz03lk/3eY0kUPxF29BepIUOaOdphRoWst:pbosS0bPwJAUtD6nKxbn9O/kU3YpLot

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2820 set thread context of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2184	d63d39701226a35e27f8c660ef5d8edf.exe
2184	d63d39701226a35e27f8c660ef5d8edf.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2820	d63d39701226a35e27f8c660ef5d8edf.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2820 wrote to memory of 2184	2820	d63d39701226a35e27f8c660ef5d8edf.exe	28
PID 2184 wrote to memory of 1348	2184	d63d39701226a35e27f8c660ef5d8edf.exe	21
PID 2184 wrote to memory of 1348	2184	d63d39701226a35e27f8c660ef5d8edf.exe	21
PID 2184 wrote to memory of 1348	2184	d63d39701226a35e27f8c660ef5d8edf.exe	21
PID 2184 wrote to memory of 1348	2184	d63d39701226a35e27f8c660ef5d8edf.exe	21

memory/1348-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1348-13-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/2184-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2184-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2184-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2184-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2184-23-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2820-0-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2820-1-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2820-6-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download