887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91

Analysis

max time kernel
105s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 01:00

Target

887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe
Size

352KB
MD5

435175a2762745dbbac1fe6ba5e0e549
SHA1

38abed3aa709c797748bd39880a68e9e907cf3d5
SHA256

887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91
SHA512

361038a176c3ea27d700841a20f8317831b90ab6e5b4d46624ae78f161f74da406ea5f55020c2fd39f28003594f85c25e14c12337daf9323e37f32cf2a6218ff
SSDEEP

6144:xoNlRvK/+CX5UrpYe2ZjSA/cTy5dBQQUG4q+PwQ86n:GKRU1YxjRkm3BQhwQ86n

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1676 set thread context of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86
PID 1676 wrote to memory of 2620	1676	887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe	86

C:\Users\Admin\AppData\Local\Temp\887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe
"C:\Users\Admin\AppData\Local\Temp\887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Users\Admin\AppData\Local\Temp\887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe
  "C:\Users\Admin\AppData\Local\Temp\887a738175d1b28c4f56cd6cd1005513359bf258ae65829cb7e22d35f52acc91.exe"
  2⤵
  PID:2620

memory/1676-132-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/1676-136-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2620-134-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2620-135-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/2620-137-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download