8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30

Analysis

max time kernel
165s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 07:04

Target

8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe
Size

190KB
MD5

ffa31f652b156b81f68af38263159262
SHA1

631ff0a23e9a6caca6384728d98c1f24b706ac83
SHA256

8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30
SHA512

2658034ae70bbc06514109110d56408d1456584c07b39ebe8a180e9c1859cfc0ab54b1b526ae2a393bdd6e06556e830b47212fdc0b3d2034bb5cd0031aacb7c1
SSDEEP

3072:At/bUxLmJeQYquN4h7phNYjTMcUaSEmvT7yk9fb4+xtBEdh6q7hdDqED0J7+Y5hA:ApAlX4h7ph+EDaSCQfb4+xtAhvFwhjo

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4640 set thread context of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81
PID 4640 wrote to memory of 4916	4640	8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe	81

C:\Users\Admin\AppData\Local\Temp\8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe
"C:\Users\Admin\AppData\Local\Temp\8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Users\Admin\AppData\Local\Temp\8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe
  C:\Users\Admin\AppData\Local\Temp\8070ef0def3d56980ecac6287b826e46c186e782f42d90b28aebcd1d87398e30.exe
  2⤵
  PID:4916

memory/4640-132-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4640-136-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/4916-134-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4916-137-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/4916-138-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download