6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f

Analysis

Target

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
Size

1.0MB
MD5

5e8183e3395b2c6c6ac39d40d28f3f8a
SHA1

f51db7e5d9dd7de25ee9b094a25a2fa593e8040d
SHA256

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
SHA512

be4138a2672d98822ec75b6892cd84120b2aee166bd332d961db812e8acd0c60f53fb7626aa29192304fcf6d9c1de09197959cd477d95c34c7a761fe5142731a

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

description	pid	process	target process
PID 1476 set thread context of 4576	1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

pid	process
1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

pid	process
1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

description	pid	process	target process
PID 1476 wrote to memory of 4576	1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
PID 1476 wrote to memory of 4576	1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
PID 1476 wrote to memory of 4576	1476	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe	6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

C:\Users\Admin\AppData\Local\Temp\6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe
"C:\Users\Admin\AppData\Local\Temp\6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe"
2⤵
PID:4576

memory/1476-130-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/1476-131-0x0000000000400000-0x000000000050F000-memory.dmp

Filesize
1.1MB

Download
memory/4576-133-0x0000000000A80000-0x0000000000AE0000-memory.dmp

Filesize
384KB

Download
memory/4576-132-0x0000000000A80000-0x0000000000AE0000-memory.dmp

Filesize
384KB

Download
memory/4576-134-0x0000000000400000-0x00000000004CA000-memory.dmp

Filesize
808KB

Download