e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772

Analysis

max time kernel
112s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 04:09

Target

e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe
Size

42KB
MD5

e196319e5cd202d9ae58146c72d29209
SHA1

bed755e76d874fbcb2e9c114e87c9e19e2993d6e
SHA256

e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772
SHA512

db818d443c09b8704399fda94afbcae4c5d078716ae22a04a41981d6e152ac8cf4ecda3800ab36201521a9b092df2762fe494d1281f7f9fd120d2f2b3e9561ed
SSDEEP

768:RYLsmUa4W/k3JYjKjOcD5a3EiyzSAD5a3EiyzS:2smUEeOcD5li8fD5li8

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4880 set thread context of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
1324	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe
1324	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 4880 wrote to memory of 1324	4880	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	82
PID 1324 wrote to memory of 356	1324	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	83
PID 1324 wrote to memory of 356	1324	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	83
PID 1324 wrote to memory of 356	1324	e85525a3e498b68777c9d28183bc8c7ca75d171d8159b74c5a5a581a85bd6772.exe	83

memory/1324-133-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/1324-135-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download