1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2

Analysis

max time kernel
106s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 14:15

Target

1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe
Size

52KB
MD5

07b3c382729da856506999044e55f4ad
SHA1

30f34c2b7cdce0c4964fd5675c88b90afa5a09de
SHA256

1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2
SHA512

c03fce1396bf2188868ff908b21a6d7c2d280340029309a69435f2cb9c02bab05ac86eebb3c2f45f7ca9b87f9705791c0718c0e73a5f4b54ccbb570e39fae120
SSDEEP

768:OAPsldP0+0bnAJZG6+DZmmWjsrmcQiXRz4Da9Tc/2AMa0lwWQUbp2KWmI:uP0+EATGrYrjsrTRMf/2AMa0lLQWpu

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0wm0iy0.exe	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0wm0iy0.exe	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1836 set thread context of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4064	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe
4064	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82
PID 1836 wrote to memory of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82
PID 1836 wrote to memory of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82
PID 1836 wrote to memory of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82
PID 1836 wrote to memory of 4064	1836	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	82
PID 4064 wrote to memory of 2864	4064	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	42
PID 4064 wrote to memory of 2864	4064	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	42
PID 4064 wrote to memory of 2864	4064	1296966dd0529c6e6d13d0bcfa407d4b074babb10f653b2c99089586793e9cb2.exe	42

memory/1836-132-0x0000000000401000-0x0000000000405000-memory.dmp

Filesize
16KB

Download
memory/1836-133-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1836-138-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/4064-135-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4064-137-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/4064-139-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download