53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2

Analysis

max time kernel
143s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 15:37

Target

53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe
Size

409KB
MD5

1696f5996e2fc95cec69c1b9b39bcc5e
SHA1

80a37a5b036620f6a7960a7a33db4a3b4899624d
SHA256

53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2
SHA512

60c198dacc335a891edcc842c6c8bc7d2fd8087acb550167f9d7dd54acec15c98668c49c4ce69cde5aa0f5be11618a4d47594f27625d7a537a113db5160d35f0
SSDEEP

6144:X1QWCi1sJ9iHbGudVGdjJw8v5kmRSumQ1Awk0OhmI+LbjkqbY+n123t:uWCi1sJYPewk5WY1tOhmDYUq

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1912 set thread context of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80
PID 1912 wrote to memory of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80
PID 1912 wrote to memory of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80
PID 1912 wrote to memory of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80
PID 1912 wrote to memory of 4180	1912	53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe	80

C:\Users\Admin\AppData\Local\Temp\53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe
"C:\Users\Admin\AppData\Local\Temp\53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Users\Admin\AppData\Local\Temp\53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe
  C:\Users\Admin\AppData\Local\Temp\53e8580869746629363084136d0595b2e96321fe970d51059a6eb13b2b81bda2.exe
  2⤵
  PID:4180

memory/4180-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4180-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4180-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4180-137-0x0000000000020000-0x0000000000031000-memory.dmp

Filesize
68KB

Download