920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d

Analysis

max time kernel
403s
max time network
449s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 15:29

Target

920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe
Size

406KB
MD5

25c952234a75402960316c722a69596e
SHA1

062a039e6b5fdc96c33e0f69754a697ee5a9e7dd
SHA256

920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d
SHA512

2823bfc2e5f6b19ce9b8972f28a1e3a854a8fc38e10528342396b26379f362a7ec26a82cf0c78fed615aeea229e68543c9be0b76f4b959767a059138fffa53d6
SSDEEP

6144:R9EfghSPgG0tSYT8CxvQh0esCzbB7RiNJXFNnDVuEtkA6svWLlL1UCfq:RlS90oYTHxohwyNgPVuyv6gsJY

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3984 set thread context of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84
PID 3984 wrote to memory of 2188	3984	920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe	84

C:\Users\Admin\AppData\Local\Temp\920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe
"C:\Users\Admin\AppData\Local\Temp\920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Users\Admin\AppData\Local\Temp\920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe
  "C:\Users\Admin\AppData\Local\Temp\920440b2da77864720c0a3a00dedc00345d3d8f4573522869436c45d1c75df5d.exe"
  2⤵
  PID:2188

memory/2188-134-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/2188-136-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/3984-132-0x0000000000600000-0x0000000000645000-memory.dmp

Filesize
276KB

Download