839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590

General

Target

839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
Size

553KB
MD5

81c1e35c6881abcbc98d714a719b35df
SHA1

51a8e02f88f1d6479cfe00a37f65535edaf9786a
SHA256

839844cd03415c7ae12a412f2e8f9a6365f87731534a351ea67bfdc6dd36f590
SHA512

8b58e795deccc008f5accd395cb836dc5f871b5127266fd7e51ab7e3045ca3708ffa539fe3fa784a34d6a0317fe0363b3fc8731acc01a90b073d1f9499750a1e

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

description	pid	process	target process
PID 804 set thread context of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

description pid process

Token: SeDebugPrivilege 804 839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

description	pid	process
Token: SeDebugPrivilege	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

description	pid	process	target process
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
PID 804 wrote to memory of 4044	804	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe	839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe

C:\Users\Admin\AppData\Local\Temp\839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
C:\Users\Admin\AppData\Local\Temp\839844cd03415c7ae12a412f2e8f9a6365f87731534a3.exe
2⤵
PID:4044

memory/804-114-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/804-116-0x00000000056C0000-0x00000000056C1000-memory.dmp

Filesize
4KB

Download
memory/804-117-0x0000000005260000-0x0000000005261000-memory.dmp

Filesize
4KB

Download
memory/804-118-0x00000000051C0000-0x00000000056BE000-memory.dmp

Filesize
5.0MB

Download
memory/804-119-0x0000000005240000-0x0000000005241000-memory.dmp

Filesize
4KB

Download
memory/804-120-0x0000000006CC0000-0x0000000006CC1000-memory.dmp

Filesize
4KB

Download
memory/804-121-0x0000000005680000-0x0000000005681000-memory.dmp

Filesize
4KB

Download
memory/804-122-0x0000000005670000-0x000000000567B000-memory.dmp

Filesize
44KB

Download
memory/4044-123-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/4044-124-0x000000000043DC85-mapping.dmp

Download
memory/4044-125-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download