f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514

Analysis

max time kernel
312s
max time network
360s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 11:01

Target

f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe
Size

100KB
MD5

0be5ec23ea334bd775077c5c5348f76d
SHA1

6c14b0e366842da5978533dedf28bb7eb94eafe3
SHA256

f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514
SHA512

18dfbe9b38bd8e40eaea4e41be7410815dd95d3bd57bd3e0bf9fb6d19fb986538187965f763c69927fe775af57018e2d2e58a3dbe102cc2b5833884dbb5ae21f
SSDEEP

1536:qfTAmWrHPBL4LjI/8jkLitMtqnC7KqkSZZZ3gNxibLDQS:q8mz2tqnSUURbLF

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2212 set thread context of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86
PID 2212 wrote to memory of 3632	2212	f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe	86

C:\Users\Admin\AppData\Local\Temp\f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe
"C:\Users\Admin\AppData\Local\Temp\f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe
  "C:\Users\Admin\AppData\Local\Temp\f80628d3ccc7c58d8d9b74fb0597c5b7d3169218e63fd5b6f2279b736a8b5514.exe"
  2⤵
  PID:3632

memory/3632-132-0x0000000000000000-mapping.dmp

Download
memory/3632-133-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3632-135-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/3632-136-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download