d7854719c33f72a1afa0c562bdf44a8941b4017fbe90a215636aad91d1bf4f10

Analysis

Target

296968fa478ce8b4832446c33afc37a5.exe
Size

54KB
MD5

296968fa478ce8b4832446c33afc37a5
SHA1

b8331521ad1beb8814c5b50d9e16430440bb2947
SHA256

d7854719c33f72a1afa0c562bdf44a8941b4017fbe90a215636aad91d1bf4f10
SHA512

e0eb126fae4a10f8bde0e684429a77739676c2a54ac9db313376e8e4335bc157523dc4b2781fd663cbf03ca92572308ab1a5e949d443a18d14da579bf9cc3e4d

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2116 set thread context of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3532	2116	296968fa478ce8b4832446c33afc37a5.exe	77
PID 2116 wrote to memory of 3532	2116	296968fa478ce8b4832446c33afc37a5.exe	77
PID 2116 wrote to memory of 3532	2116	296968fa478ce8b4832446c33afc37a5.exe	77
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80
PID 2116 wrote to memory of 3140	2116	296968fa478ce8b4832446c33afc37a5.exe	80

C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
"C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
  C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
  2⤵
  PID:3532
- C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
  C:\Users\Admin\AppData\Local\Temp\296968fa478ce8b4832446c33afc37a5.exe
  2⤵
  PID:3140

memory/2116-114-0x0000000000D10000-0x0000000000D11000-memory.dmp

Filesize
4KB

Download
memory/2116-116-0x0000000005550000-0x0000000005551000-memory.dmp

Filesize
4KB

Download
memory/2116-117-0x0000000001790000-0x0000000001791000-memory.dmp

Filesize
4KB

Download
memory/2116-118-0x00000000056F0000-0x00000000056F1000-memory.dmp

Filesize
4KB

Download
memory/3140-119-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3140-121-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download