acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5

Analysis

max time kernel
351s
max time network
421s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:24

Target

acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
Size

235KB
MD5

92b9bf2071ecb2da30177fc48e52f89d
SHA1

d077f000b49ba510eba79802a3b6473c996f1faa
SHA256

acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5
SHA512

ccb1f51d420a8bb25c5bf87a0eda1d48656ec4650cad36f735373145d871c316e64179408d8b49d5c2c5b91d5918ed578022b0cb2ccab90e85e7ac6d295075e9
SSDEEP

6144:nB5kSOqWp+yJV0ULn4glwL1S+FDxIz2CLdWmvl:B5kSdWp+6Ln4glw3DxIzhLQKl

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe

description	pid	process	target process
PID 4964 set thread context of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe

description	pid	process	target process
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
PID 4964 wrote to memory of 4980	4964	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe	acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe

C:\Users\Admin\AppData\Local\Temp\acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
"C:\Users\Admin\AppData\Local\Temp\acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4964
- \??\c:\users\admin\appdata\local\temp\acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe
  "c:\users\admin\appdata\local\temp\acbef774a1a7beb8b551680af77f6ce79617f2affec036433ef6bc6349c49ee5.exe"
  2⤵
  PID:4980

memory/4980-132-0x0000000000000000-mapping.dmp

Download
memory/4980-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4980-135-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download