d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 13:26

Target

d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe
Size

309KB
MD5

6e17ce71dc6a08d9af61d701a8afbe40
SHA1

51993a20746bdf9767f9c1a11d5acfdb767bf5d0
SHA256

d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594
SHA512

8eab12e74379e43e9cfea5f85195544aa3d6bd4439b3107fbcf7049e6a18cf74c14b6b0cdff442cdbb8167e38d66f101ca767e3010b7036f618e07d441d35b31
SSDEEP

6144:8gFMMbsd0Pp4ORTbuq6DkskVa2XkQykfHrN6cDIvgFHXgUo:bFNId0p4OBuq6DaxmkvrXMvwo

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4852 set thread context of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83
PID 4852 wrote to memory of 3392	4852	d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe	83

C:\Users\Admin\AppData\Local\Temp\d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe
"C:\Users\Admin\AppData\Local\Temp\d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4852
- \??\c:\users\admin\appdata\local\temp\d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe
  "c:\users\admin\appdata\local\temp\d4d9ec80dd6db85a5800d9b6aa5721c02c502bbe8a5dcbf1f6d9c1fb9c057594.exe"
  2⤵
  PID:3392

memory/3392-133-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/3392-134-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/3392-135-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download