0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2

Analysis

max time kernel
274s
max time network
362s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 23:16

Target

0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe
Size

1.4MB
MD5

fc4c0772cf7fcc4afb023476f694ce86
SHA1

b59eaeddf55a4c7b5dab5816cb5512de8365a84d
SHA256

0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2
SHA512

8be75505bbfa0fd62e6a994ffe906959d40615ae8f84b75ec955b948dcc3213bc751b768b563112e16ee3cc0ea4ea98ce6ecf71c9d8d83c3207f0e351ba1fac4
SSDEEP

24576:BrK6dClXmekxlm1dl4r260n4dz0as5jc3AZ1COwiUP/5lq8AJ:BrBew72604doSw6ewe

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4240 set thread context of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84
PID 4240 wrote to memory of 4960	4240	0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe	84

C:\Users\Admin\AppData\Local\Temp\0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe
"C:\Users\Admin\AppData\Local\Temp\0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\0977ac5675b2123b8f0750f3fad84e0ff01b15f1de967cb76c9975fba211eed2.exe
  2⤵
  PID:4960

memory/4960-132-0x0000000000000000-mapping.dmp

Download
memory/4960-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4960-134-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4960-135-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download