a4a4efc35375974a8402e051885531856498e51d62a81d50a12c698dac6301d3

Analysis

max time kernel
160s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 06:49

Target

e108ac9097d462cd6ec844f896e4f14d.exe
Size

264KB
MD5

e108ac9097d462cd6ec844f896e4f14d
SHA1

99b4550ef6b094591a36ae9522ad284d75d1258b
SHA256

a4a4efc35375974a8402e051885531856498e51d62a81d50a12c698dac6301d3
SHA512

eadcbac1800247a69f7f922f0efe6f5ff11105799c843e4e3c1685d92900741add5ff00d3fcb2afac1147c90aac8dc4a1bdc791a9096fb01b559dbab47e8e72e
SSDEEP

3072:gKeNNdokjMY7MWZBVunseyfFpm7acQvZ4OD:RxWjVNXjGm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3204 set thread context of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3204	e108ac9097d462cd6ec844f896e4f14d.exe
1672	e108ac9097d462cd6ec844f896e4f14d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88
PID 3204 wrote to memory of 1672	3204	e108ac9097d462cd6ec844f896e4f14d.exe	88

C:\Users\Admin\AppData\Local\Temp\e108ac9097d462cd6ec844f896e4f14d.exe
"C:\Users\Admin\AppData\Local\Temp\e108ac9097d462cd6ec844f896e4f14d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3204
- C:\Users\Admin\AppData\Local\Temp\e108ac9097d462cd6ec844f896e4f14d.exe
  C:\Users\Admin\AppData\Local\Temp\e108ac9097d462cd6ec844f896e4f14d.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1672

memory/1672-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1672-5-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1672-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3204-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download