c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161

Analysis

max time kernel
104s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 17:23

Target

c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe
Size

107KB
MD5

82bf16d00bf8e3e2e8630d45131a7c30
SHA1

299530d9435884f58b12836da7c8d4b4cde414cf
SHA256

c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161
SHA512

bdc94097ee697c8f88b4ca73dabd4c8de30d23cf25c04fda3d7e55dda82cff6ceb7781c23dcf127050ec08397cd6f62f01ff6cd0b91ffeef486ade7b24e27077
SSDEEP

3072:8zecKgDUUYEYY49rQ5knbV2stF11+vzx4:8zeIkmcbttF1d

Score

7^/10

Unexpected DNS network traffic destination 5 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3544 set thread context of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80
PID 3544 wrote to memory of 1868	3544	c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe	80

C:\Users\Admin\AppData\Local\Temp\c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe
"C:\Users\Admin\AppData\Local\Temp\c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3544
- C:\Users\Admin\AppData\Local\Temp\c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe
  "C:\Users\Admin\AppData\Local\Temp\c23ce16d883e51f851dbbcb25f202736829e022943471d93133010a56fb63161.exe"
  2⤵
  PID:1868

memory/1868-133-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1868-135-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1868-136-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1868-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download