aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 03:12

Target

aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe
Size

95KB
MD5

46d57ee6cecfba14ae3f30f3732da149
SHA1

a2cf4cb9ba0922e540fdd64d4c7aa131b5883a1b
SHA256

aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8
SHA512

41ff8222218557749415280200593f0cd507e54d52cab45dc337513adf67d25d7971a23ec6c2d1523af8507d67af125ebe3d081cf0255cee386cf96f5774ed20
SSDEEP

1536:bU2FvPyRtETKKF07CqF44jmF8A7FVHoGMpYvCGYw4gGsIQ8/5xLanTmRvzoQ7z+w:FnTmRbP7zP5WvY

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4944 set thread context of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe
4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4944 wrote to memory of 4848	4944	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	81
PID 4848 wrote to memory of 5068	4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	82
PID 4848 wrote to memory of 5068	4848	aec8bf4dc1b94e23b894e5583e3aaa40ffb81058f5d143068df2afd7dae8b0d8.exe	82

memory/4848-134-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4848-136-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4848-138-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4848-140-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4944-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4944-137-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download