c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-05-2024 09:14

Target

c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe
Size

36KB
MD5

a2a1c23859ce7e6993d8df79803d6221
SHA1

f7d5690407070567bba68afee660ff4327f0a563
SHA256

c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef
SHA512

238e54d16eb641b3762e69b306a23677eb01001d3f291cee2c1c3b34c02a6abe33267c7919fae7b2511360f38ae96a42b66446661d9edd5012b35590a3090455
SSDEEP

192:IImMbhEVIQHSw0Mx1TTw76mpvzvOQSBZL0X4O:II9bqVjE76UmT/a

Score

1^/10

Suspicious use of SetWindowsHookEx 5 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1744	2936	c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe	28
PID 2936 wrote to memory of 1744	2936	c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe	28
PID 2936 wrote to memory of 1744	2936	c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe	28
PID 2936 wrote to memory of 1744	2936	c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe	28
PID 1744 wrote to memory of 3028	1744	wordpad.exe	29
PID 1744 wrote to memory of 3028	1744	wordpad.exe	29
PID 1744 wrote to memory of 3028	1744	wordpad.exe	29
PID 1744 wrote to memory of 3028	1744	wordpad.exe	29

C:\Users\Admin\AppData\Local\Temp\c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe
"C:\Users\Admin\AppData\Local\Temp\c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
  "C:\Users\Admin\AppData\Local\Temp\c63376f6f8fb06b378be6f8ebe2a06593f5111725e1ee5e65f70fec0cf09c0ef.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:3028

memory/1744-2-0x0000000000030000-0x000000000043F000-memory.dmp

Filesize
4.1MB

Download
memory/1744-3-0x0000000000030000-0x000000000043F000-memory.dmp

Filesize
4.1MB

Download
memory/1744-4-0x0000000000030000-0x000000000043F000-memory.dmp

Filesize
4.1MB

Download
memory/2936-0-0x0000000000C00000-0x0000000000C07000-memory.dmp

Filesize
28KB

Download