742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a

Analysis

max time kernel
162s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 12:21

Target

742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe
Size

358KB
MD5

0ec93d72f7449dbb8863d25c398f7776
SHA1

aa299c50c0f46f145a23fc66c06eaf6faf26136e
SHA256

742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a
SHA512

5f8c6d33b011348d7e6b64102c47f3bffcc72b679443b2b94b28b32ecde9e620601967aaa7e8631644af343c6db3ae4b8622233daf4d65a11cd51375b2b13fa8
SSDEEP

6144:sDnzwMPKotBQuFq/4D0OQ6iQHWSRpjvpyoWlRlDqDjl4AFyO7QQ79VulTweZZD:FEPBQ5/4E6ifSRPFWlRl2t4AyiQyA8ej

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2140 set thread context of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81
PID 2140 wrote to memory of 2848	2140	742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe	81

C:\Users\Admin\AppData\Local\Temp\742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe
"C:\Users\Admin\AppData\Local\Temp\742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe
  "C:\Users\Admin\AppData\Local\Temp\742a793b450846c5e1ccdf0d57f2af182ee3b679147d3377d018e4ce26c9061a.exe"
  2⤵
  PID:2848

memory/2140-132-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2140-136-0x0000000000400000-0x000000000045F000-memory.dmp

Filesize
380KB

Download
memory/2848-133-0x0000000000000000-mapping.dmp

Download
memory/2848-134-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2848-137-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download