86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099

Analysis

max time kernel
135s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 18:11

Target

86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe
Size

327KB
MD5

e98ccb40b0446d4ea7706e70076308b3
SHA1

9eb8b61e45e206db1f9f2785949b35b623a4fb09
SHA256

86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099
SHA512

71cd2dd9fa8a4e8d8a38043836436b4bb51ac3ab696a6a5e365ad6c2e2730a4ab76f69da438e0cdcb43ca03445ae9a1d391632039530e0b841249980f91ace3f
SSDEEP

6144:f7KtPNh/JQqlZW3p1xnfCIN6BzCCE3jdb8RF7ePXLLSdeo:fIGsZQ1DNoCL3jCj7ePad

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3868 set thread context of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81
PID 3868 wrote to memory of 2212	3868	86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe	81

C:\Users\Admin\AppData\Local\Temp\86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe
"C:\Users\Admin\AppData\Local\Temp\86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Users\Admin\AppData\Local\Temp\86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe
  "C:\Users\Admin\AppData\Local\Temp\86e8dd45b711cebaedffe2d48cbd0ce3eeed60edbbd8089dd8f914df16c4f099.exe"
  2⤵
  PID:2212

memory/2212-134-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2212-137-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/3868-132-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download
memory/3868-135-0x0000000000400000-0x0000000000457000-memory.dmp

Filesize
348KB

Download