aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835

Analysis

max time kernel
103s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 18:12

Target

aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe
Size

90KB
MD5

76c33b2cb508f2cc32a9d26781449890
SHA1

f917eefd3074e6527938e5d2d6ddd20f86e3fa4e
SHA256

aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835
SHA512

2914b46ef3fcb0b0bd78f0bb7e41fbcefc3c4d6768b8c1ddda0627b14e1725758a5251515bcc4e9470e9d6a3c21e30786acd06cd94dc98ce8c205d261e755622
SSDEEP

1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1JF:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeoU

Score

7^/10

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1016 set thread context of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3620	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe
3620	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82
PID 1016 wrote to memory of 3620	1016	aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe	82

C:\Users\Admin\AppData\Local\Temp\aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe
"C:\Users\Admin\AppData\Local\Temp\aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Users\Admin\AppData\Local\Temp\aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe
  "C:\Users\Admin\AppData\Local\Temp\aa3e079ec98ce5e1831939ceef4ced1f762f4fd45170089aabc66aae1b79a835.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

memory/3620-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3620-132-0x0000000000000000-mapping.dmp

Download
memory/3620-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3620-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download