daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8

Analysis

max time kernel
114s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 16:22

Target

daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe
Size

34KB
MD5

82dfa200f1a3859d5f84786d22c4e841
SHA1

8f58afff72ce46dec19d399f8be193de906f093f
SHA256

daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8
SHA512

5daa66b4b43503a6b6c58341ae5e1781db1f3057ca5f4be9ee9157326b1db2aac53f52de30a0fb6284e5bc1c5f9ef0792ec946aa922922556ffc1114a108bd57
SSDEEP

768:WC/ZZIq55P8S1QZRPas6yjlbY8pxejmc1JsbR0y0DTw:WChWqrnQZBzphY5j91ybsDs

Score

7^/10

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3260 set thread context of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4908	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe
4908	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79
PID 3260 wrote to memory of 4908	3260	daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe	79

C:\Users\Admin\AppData\Local\Temp\daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe
"C:\Users\Admin\AppData\Local\Temp\daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Users\Admin\AppData\Local\Temp\daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe
  "C:\Users\Admin\AppData\Local\Temp\daedcb1739b3b63ff1865b929d0eabc7861bad3151e063384656c193b5d620d8.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908

memory/4908-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4908-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4908-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download