7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164

Analysis

max time kernel
156s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 07:37

Target

7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe
Size

281KB
MD5

759184775111a9eca4d206de580f7a3d
SHA1

5818c7d8f29aec02c5e444a3e91b6eeeb7da6f69
SHA256

7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164
SHA512

f2254619fb754b7f8d14f88c5a87dbef38e5f21c128f1bd1e822221ca4377ef8263c8bdd22becf64fa64bfff8e378f4c94280fec77234ed9991d737a37fb19bc
SSDEEP

6144:WN+JV9NEVs+RfMRy5R7AxG3plqWO1vXEsJqIk:WN+bSCeR7AkCWGET

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5036 set thread context of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80
PID 5036 wrote to memory of 1200	5036	7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe	80

C:\Users\Admin\AppData\Local\Temp\7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe
"C:\Users\Admin\AppData\Local\Temp\7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5036
- \??\c:\users\admin\appdata\local\temp\7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe
  "c:\users\admin\appdata\local\temp\7645bc70056bedba744e05020991de7db564c2ed6102c519bb2a2002374a5164.exe"
  2⤵
  PID:1200

memory/1200-133-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1200-135-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download