beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405

Analysis

max time kernel
106s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2022, 17:09

Target

beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
Size

328KB
MD5

4645aa6233bc0efe04538575d66187e6
SHA1

468de0b67bcc244b702975bfeaabd980457c5f01
SHA256

beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405
SHA512

b7a71774416e547ca8af7d01b97c15fca18f6ca90942117eaf15bf8409ed013b67d4f5e3d78e5faa604e758c01679e08367a90c8d52fcecdcf98fadf0d468902
SSDEEP

6144:eKlzr1sYCzek2ciDaP9Xk6Ln1W8W/9InBSkZZmLdGcAdgdY6RKpjS:eGhQ2ciDq9ZL1W8q9InBRqELdolRKpj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1780 set thread context of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 3032	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	82
PID 1780 wrote to memory of 3032	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	82
PID 1780 wrote to memory of 3032	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	82
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86
PID 1780 wrote to memory of 5044	1780	beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe	86

C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
"C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
  C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
  2⤵
  PID:3032
- C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
  C:\Users\Admin\AppData\Local\Temp\beda91d0db86942f2e472a6659cc7c773f80415f220bcb8f1090c8237928f405.exe
  2⤵
  PID:5044

memory/1780-132-0x0000000000900000-0x0000000000956000-memory.dmp

Filesize
344KB

Download
memory/1780-133-0x0000000007DD0000-0x0000000008374000-memory.dmp

Filesize
5.6MB

Download
memory/1780-134-0x00000000078C0000-0x0000000007952000-memory.dmp

Filesize
584KB

Download
memory/1780-135-0x0000000007B60000-0x0000000007BD6000-memory.dmp

Filesize
472KB

Download
memory/1780-136-0x0000000007890000-0x00000000078AE000-memory.dmp

Filesize
120KB

Download
memory/5044-138-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download