b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 08:34

Target

b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe
Size

89KB
MD5

fb0d7413631311f5c0fc52d81df30822
SHA1

ca85ceb4489e713418d8bb0a2203268f1039bee4
SHA256

b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123
SHA512

9457d822e68c53fa9eac1ec2a61eab3142f54ef61dc67dcdc920fb6d5f6b8a67c35f2458ce72356dd82c93ef8a9e60713ab18a0e3c6346c008acdb28b894816b
SSDEEP

1536:qJsvKgYrAv141rCA9uZgRXcO13AQZTGe:qJsi2d41YsVZAQZ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4808 set thread context of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80
PID 4808 wrote to memory of 3408	4808	b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe	80

C:\Users\Admin\AppData\Local\Temp\b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe
"C:\Users\Admin\AppData\Local\Temp\b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Users\Admin\AppData\Local\Temp\b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe
  C:\Users\Admin\AppData\Local\Temp\b2c0c58d8ad07ebf8b34f2416f99ef2dcd29c4456da18290ee3d149bf3438123.exe
  2⤵
  PID:3408

memory/3408-134-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3408-137-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3408-138-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/3408-139-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4808-132-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/4808-135-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download