1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531

Analysis

Target

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
Size

1.2MB
MD5

0f7bd05b30f126179999b60c1a107fa9
SHA1

7349ecdca693a8a6805181c4e85f5bd82737b50a
SHA256

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531
SHA512

dabe3688f90256d5b33749c5d329ced04d2419724b44477c9314ab09f7716e506e9c7d00f6c348d422068277972c015b10de43109955eb46ab307c5c4b2ba037

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

description	pid	process	target process
PID 884 set thread context of 2028	884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

pid process

884 1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

pid	process
884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

description	pid	process	target process
PID 884 wrote to memory of 2028	884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
PID 884 wrote to memory of 2028	884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
PID 884 wrote to memory of 2028	884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
PID 884 wrote to memory of 2028	884	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe	1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe

C:\Users\Admin\AppData\Local\Temp\1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe
"C:\Users\Admin\AppData\Local\Temp\1160b80cc2c29c2d8f539db5f2cf462e22d18a844c209efc1acee557abfb9531.exe"
2⤵
PID:2028

memory/884-54-0x0000000075801000-0x0000000075803000-memory.dmp

Filesize
8KB

Download
memory/884-55-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/2028-58-0x0000000001E70000-0x0000000001F00000-memory.dmp

Filesize
576KB

Download
memory/2028-57-0x0000000001E70000-0x0000000001F00000-memory.dmp

Filesize
576KB

Download
memory/2028-56-0x00000000004912BF-mapping.dmp

Download
memory/2028-60-0x0000000074AC0000-0x000000007506B000-memory.dmp

Filesize
5.7MB

Download