33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe

Analysis

max time kernel
201s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:37

Target

33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
Size

297KB
MD5

4c1e181d0da11fca52f22580a090ac1a
SHA1

cf37f825402d47f00f424c8dea6487ee85ae862e
SHA256

33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe
SHA512

8ff0db1cec43a8a190b6b4368e6dc4df7016ceeec742986d840db488a8e339b35434cc2a65834d3f85c7169d690f64a33bd217fb04b0699ba86ea7edfc075696
SSDEEP

6144:uNRCZcu8uF3TGCMwrtm9JYcsIhVr2KEo0gwSqgcWactvQYjxHLg+lIfJa1:+RC3E/j5xr2K4g/FnlYa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe

description	pid	process	target process
PID 1000 set thread context of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe

description	pid	process	target process
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
PID 1000 wrote to memory of 2188	1000	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe	33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe

C:\Users\Admin\AppData\Local\Temp\33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe
"C:\Users\Admin\AppData\Local\Temp\33f8fc18fe1072a4ef62150533914593802d9d82dc454e9642d941d5d2064efe.exe"
2⤵
PID:2188

memory/1000-132-0x0000000000E40000-0x0000000000E8E000-memory.dmp

Filesize
312KB

Download
memory/1000-136-0x0000000000E40000-0x0000000000E8E000-memory.dmp

Filesize
312KB

Download
memory/2188-133-0x0000000000000000-mapping.dmp

Download
memory/2188-134-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2188-137-0x0000000000E40000-0x0000000000E8E000-memory.dmp

Filesize
312KB

Download
memory/2188-138-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2188-139-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2188-140-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download