cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848

Analysis

max time kernel
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 10:54

Target

cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
Size

5.3MB
MD5

206143e841b34ab12185d24d4bc955f6
SHA1

c2e6bec1cf411dfbfddc2c82fe6feb521b228c6b
SHA256

cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848
SHA512

879fb9fc31c3f3a56cf9b78b71dbd5003172a14f5c98a001b16b25d1cf9600dfc49841771602c0909dd0560f1209152f11e7a0a2c09765b7f2c1d64b860e368d
SSDEEP

49152:2ulMTdOMTMOMTpOMTAOMTVMTpOMTAOMTyOMTVMTWOMTpOMTAOMTVMTpOMTAgMTt:2P

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4740 set thread context of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80
PID 4740 wrote to memory of 660	4740	cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe	80

C:\Users\Admin\AppData\Local\Temp\cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe
"C:\Users\Admin\AppData\Local\Temp\cabfcb35ea66f35f4aae85cb932d1f39787d194c43f84e839c3f2be4f612c848.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Users\Admin\AppData\Local\Temp\bilotwy.exe
  C:\Users\Admin\AppData\Local\Temp\bilotwy.exe
  2⤵
  PID:660