367a243fc7e33f83c46e96525570b27503cb143f80d98020035290a9ed9689a6

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 11:06

Target

dddbf9b772b3fc63e58894e4f55635e9.exe
Size

119KB
MD5

dddbf9b772b3fc63e58894e4f55635e9
SHA1

b1a64ab076a00b1a0bacc47e245b30315b24da53
SHA256

367a243fc7e33f83c46e96525570b27503cb143f80d98020035290a9ed9689a6
SHA512

d2bab3de160c38d1313526777df86120b73d9626e73be81099d3cacf6f80ce2432274168ef229b1feecb3c06047ccefaac520abeb487a3b2d47c77167346666d
SSDEEP

3072:xSKN+SLaRM48sr1SSAeIOfvW7Bw0wlssNAz15X2A1n2e1:MNRM43ASA/ev7j0zXXJ1p

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2456 set thread context of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2560	dddbf9b772b3fc63e58894e4f55635e9.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2456	dddbf9b772b3fc63e58894e4f55635e9.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28
PID 2456 wrote to memory of 2560	2456	dddbf9b772b3fc63e58894e4f55635e9.exe	28

C:\Users\Admin\AppData\Local\Temp\dddbf9b772b3fc63e58894e4f55635e9.exe
"C:\Users\Admin\AppData\Local\Temp\dddbf9b772b3fc63e58894e4f55635e9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Users\Admin\AppData\Local\Temp\dddbf9b772b3fc63e58894e4f55635e9.exe
  C:\Users\Admin\AppData\Local\Temp\dddbf9b772b3fc63e58894e4f55635e9.exe
  2⤵
  - Suspicious behavior: RenamesItself
  PID:2560

memory/2456-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2456-3-0x0000000000470000-0x000000000048A000-memory.dmp

Filesize
104KB

Download
memory/2456-7-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2560-4-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2560-6-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2560-9-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2560-8-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2560-12-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download