f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5

Analysis

max time kernel
164s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 11:50

Target

f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe
Size

81KB
MD5

70b25d463cc0653946e8089233d3f849
SHA1

77170ecf90423f81fc31e175fc07af708bc4d529
SHA256

f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5
SHA512

0b91767a6032581e038b9e626729d2bf15f3634175baec7d65c7024c7bbbfcd783ab645d41f72d20f4be7b74e67bec255dce9e428fe0c6dba602029c07960795
SSDEEP

1536:TLZCiO9dFbyDay1duUy2HoHuhcrt7/rzrfEqDG7q9PubDY8x8c3vw1:/4iO/FbGay3/HoFPzrc77OWw8x8c3Y1

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2184 set thread context of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81

Modifies registry class 2 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe
4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe
4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe
4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 2184 wrote to memory of 4764	2184	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	81
PID 4764 wrote to memory of 3076	4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	48
PID 4764 wrote to memory of 3076	4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	48
PID 4764 wrote to memory of 3076	4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	48
PID 4764 wrote to memory of 3076	4764	f1d64a778832dedb64dc43294c264bc9354cceb94d18902a16533dcaa85829c5.exe	48

memory/3076-139-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/4764-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4764-134-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4764-137-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/4764-138-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4764-140-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download