7daa18e9835ca822570471ae58c1dfa667da89bb838c79c3f57f9c84192dedb8

Analysis

max time kernel
130s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 13:30

Target

Diln External V2.exe
Size

803KB
MD5

d714c9e28afdbf09289fe2792d787e53
SHA1

2b66d3b83de990f5f0a34681c59bc65fd1a23cc2
SHA256

7daa18e9835ca822570471ae58c1dfa667da89bb838c79c3f57f9c84192dedb8
SHA512

62a63b6bf61c8403fb41155415acb456986f508d4d62c6536d937b94d316f747213102c165da269e64175f9ea004b070ab658fa744f8c325da063fb3b2c73c56
SSDEEP

24576:AqzcpKIL0TvZzNlNky0wVW0wZxxVgcqX:Z6j0TvZzNlNk3w00wZxxVgcqX

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1688	Diln External V2.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1688	Diln External V2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2252	1688	Diln External V2.exe	28
PID 1688 wrote to memory of 2252	1688	Diln External V2.exe	28
PID 1688 wrote to memory of 2252	1688	Diln External V2.exe	28
PID 1688 wrote to memory of 2252	1688	Diln External V2.exe	28

C:\Users\Admin\AppData\Local\Temp\Diln External V2.exe
"C:\Users\Admin\AppData\Local\Temp\Diln External V2.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\Diln External V2.exe
  "C:\Users\Admin\AppData\Local\Temp\Diln External V2.exe" 1688
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2252