9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996

Analysis

max time kernel
21s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 01:37

Target

9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
Size

576KB
MD5

102f924661a4788b3779c98c3f4729e0
SHA1

07a00ddb67eacc5052ab914f8969940730839362
SHA256

9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996
SHA512

a0863f92bc1c5f8c9a433a64258e56664a12243a1bef741b61eebb47baaee3443bc038d9a17cdc44298c14fa137cc7dbcb23b0ec44f98afc98bdbb99f95d6349
SSDEEP

6144:y7lB27PYyYWIei23/lyl+GApU7ucEvsXGrNJ0gHnd2qNXggiuB/M/DlghHbN4zHe:ycPwT2PloKcEYo0Yggnos0todLnmMl

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
844	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
1436	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 844	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	28
PID 2028 wrote to memory of 844	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	28
PID 2028 wrote to memory of 844	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	28
PID 2028 wrote to memory of 844	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	28
PID 2028 wrote to memory of 1436	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	29
PID 2028 wrote to memory of 1436	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	29
PID 2028 wrote to memory of 1436	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	29
PID 2028 wrote to memory of 1436	2028	9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe	29

C:\Users\Admin\AppData\Local\Temp\9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
"C:\Users\Admin\AppData\Local\Temp\9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:844
- C:\Users\Admin\AppData\Local\Temp\9d8d0c90b0fc5c3343a7f615c01f16cb859ef6fa37e46cdad9548787489f0996.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1436

memory/844-61-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/844-62-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/844-63-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1436-60-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1436-64-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/2028-54-0x00000000762F1000-0x00000000762F3000-memory.dmp

Filesize
8KB

Download
memory/2028-59-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download