89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70

Analysis

max time kernel
166s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:44

Target

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
Size

132KB
MD5

8fbd0e3b1bfe760ccea684bb57a20925
SHA1

fc13f1387decd0847d74f2fb6224606d53a2f680
SHA256

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70
SHA512

24d78f251bcdf1a1b64ef4668558917e27646f29b93fd5b39e4ada622564f484190e882201225c57c949dcf0cc3dc514712bdbf826007d35fa7f94d074c07b48
SSDEEP

3072:2fS/Yyot4y6R2CMdH2AY3cUbtvhaDB3I41F:aSAy6JdmtvQhj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

description	pid	process	target process
PID 4512 set thread context of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

pid	process
4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

description	pid	process	target process
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
PID 4512 wrote to memory of 4916	4512	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe	89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe

C:\Users\Admin\AppData\Local\Temp\89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe
"C:\Users\Admin\AppData\Local\Temp\89191ecfbae8a86e2a48e0ebcbc35b43d99bcadfd72bab6f5325072dc6bf8b70.exe"
2⤵
PID:4916

memory/4512-134-0x0000000000580000-0x0000000000585000-memory.dmp

Filesize
20KB

Download
memory/4916-132-0x0000000000000000-mapping.dmp

Download
memory/4916-133-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download