21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8

Analysis

max time kernel
144s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 21:14

Target

21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe
Size

244KB
MD5

0069ab7f582514837fa7e8662e740d2d
SHA1

b626ed5a27267b0d75c15c377728db0ae0297efb
SHA256

21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8
SHA512

355ff1116f942375e74ceeaf1f0ab752453f61d470ceacd5e170314ef3a5ad669187a9e88714e89daa25a4110707b4b2d39010f5f1d621e9528c2cbe678fa787
SSDEEP

3072:vXCwB2ghiyz7ieDIS8rDNu0myAqVEYHcCexR4J0NZNi9L9pbrFRr933JWGiPaktp:vXTB2gJqdAXqqNZNkL9p/F3sGie

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4244 set thread context of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2208	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe
2208	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe
2208	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79
PID 4244 wrote to memory of 2208	4244	21beb543f43c5f2213897a63877efe0141f54d30cfed3124af335df512a805f8.exe	79

memory/2208-136-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2208-139-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2208-140-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/2208-141-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4244-134-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4244-138-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download