7b9cae8882dd59fcab69775460dc762ebdf7123db39f56f8450c3086e4d0344d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 01:28

Target

d793655999663dc54dc0968c6821f3ce.exe
Size

62KB
MD5

d793655999663dc54dc0968c6821f3ce
SHA1

068decdc29e6535193cdb0145d9013a60eda1e08
SHA256

7b9cae8882dd59fcab69775460dc762ebdf7123db39f56f8450c3086e4d0344d
SHA512

ab2b318baadf3a101b9e4d75dcf0bad4e27ad661660e396815969eb6bc9d7f5af22e46104826c78d8775598412114c287c735056ee9c8c3894ad2c16519f87e0
SSDEEP

1536:F5Lwyvz9G39Jxsy2ezlkVqBU8EYq5vFWjr8WF:7Dvz9u9JpCVqZEhvbI

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2776 set thread context of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2776	d793655999663dc54dc0968c6821f3ce.exe
1284	d793655999663dc54dc0968c6821f3ce.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28
PID 2776 wrote to memory of 1284	2776	d793655999663dc54dc0968c6821f3ce.exe	28

C:\Users\Admin\AppData\Local\Temp\d793655999663dc54dc0968c6821f3ce.exe
"C:\Users\Admin\AppData\Local\Temp\d793655999663dc54dc0968c6821f3ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Local\Temp\d793655999663dc54dc0968c6821f3ce.exe
  "C:\Users\Admin\AppData\Local\Temp\d793655999663dc54dc0968c6821f3ce.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1284

memory/1284-4-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1284-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1284-9-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1284-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1284-13-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1284-15-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1284-19-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2776-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2776-5-0x0000000000280000-0x0000000000288000-memory.dmp

Filesize
32KB

Download
memory/2776-18-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download