d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b

Analysis

max time kernel
180s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 17:00

Target

d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe
Size

90KB
MD5

917261429bc944cba20fa569f83a55f1
SHA1

16ba5e8964d6ab2ab41306689e6c6b9f0db09ca5
SHA256

d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b
SHA512

a64620a2d26f1425071536a319057620739555ad8675daa9589b236bf81a880509d910bd71da1aef54400acf75ec18cb03db89b61376edc9ca13e3baf992d101
SSDEEP

1536:Y5rY4s5J1/9qjlrXPTimwCUBtS5Q5grdU3+kNS9Y/bmF6uIo6nX7mNeomBZzJ1J2:KYpJ7qjJ/HeaQ5g2Ow2Y/bmF65NCNeo3

Score

7^/10

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4556 set thread context of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
360	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe
360	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81
PID 4556 wrote to memory of 360	4556	d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe	81

C:\Users\Admin\AppData\Local\Temp\d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe
"C:\Users\Admin\AppData\Local\Temp\d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Users\Admin\AppData\Local\Temp\d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe
  "C:\Users\Admin\AppData\Local\Temp\d3e884dafb03384fd1923fb62a10c46cef967ab91a56d4bea9ddbb2f9893251b.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:360

memory/360-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/360-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/360-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download