75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4

Analysis

max time kernel
159s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 22:48

Target

75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe
Size

224KB
MD5

3f06250da67d7f584a61dcb371c7d836
SHA1

04c209d6661e9c4e58c97088ee0b78b63b15d446
SHA256

75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4
SHA512

6e69e4bd806a36a390f8f0e3f39c1138c14eacff1e1057e51f9b5623b9e565eef36446839dd94ade3f6dd3f8c489be2340f2761a2bd0fd8dce27a39c701f34d6
SSDEEP

3072:qs79cd96qsaxF/G+rBRwPmy4Ho8OzokKl2xyiDVQiEIMwK9i8f4pNd1dXPmG/nqA:3cd/xFeAZHbcvT+iEIlKgi4pNdbF

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4456 set thread context of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83
PID 4456 wrote to memory of 2064	4456	75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe	83

C:\Users\Admin\AppData\Local\Temp\75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe
"C:\Users\Admin\AppData\Local\Temp\75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Users\Admin\AppData\Local\Temp\75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe
  "C:\Users\Admin\AppData\Local\Temp\75361139ecb78ec40449f615740999a69bd071a5917301acdbfdf4279090b0b4.exe"
  2⤵
  PID:2064

memory/2064-133-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2064-135-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download