7fcd33dee5c115cbe278363022726c8905fbb1a0d26afdd235a50b4bce032d76

Resubmissions

05/08/2024, 20:08

05/08/2024, 20:02

05/08/2024, 19:54

05/08/2024, 19:44

05/08/2024, 19:39

max time kernel
6s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 20:08

Target

OneShot.v2022.12.06/OneShot.v2022.12.06/steamshim.exe
Size

48KB
MD5

597f402e2f44f6faff97b5c3e9e9130f
SHA1

d1a9615dee24603955c4da0637b9dca03c61e8fa
SHA256

0e837d43de3455dd735b3e57a1fb883abac3f53e5aa8fc01538c02e9356298cb
SHA512

57f366e7960db206be016f2ffe40c1452fd1a642b7d71b11e4e0356c5eb26288fcbfe5a428b5ec34e7fe691eadaac4bf721eaf6813fb2aa767c0c2e0043e3128
SSDEEP

384:ImLX+BYsGG4c4y/kiTayMBQyqmDuxtYSJRMpwy9x5VmQBky4EeggfxKc9RJZ8Zoi:ImTCNTayQ5oY8sw6x5VxnePKKP2o

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2616	oneshot.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2616	2640	steamshim.exe	30
PID 2640 wrote to memory of 2616	2640	steamshim.exe	30
PID 2640 wrote to memory of 2616	2640	steamshim.exe	30

C:\Users\Admin\AppData\Local\Temp\OneShot.v2022.12.06\OneShot.v2022.12.06\steamshim.exe
C:\Users\Admin\AppData\Local\Temp\OneShot.v2022.12.06\OneShot.v2022.12.06\steamshim.exe net user administrator /active:yes
1⤵
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Users\Admin\AppData\Local\Temp\OneShot.v2022.12.06\OneShot.v2022.12.06\oneshot.exe
  ".\oneshot.exe" net user administrator /active:yes
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2616