ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b

Analysis

max time kernel
187s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 00:27

Target

ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe
Size

323KB
MD5

41d4b8979546d899d41c56cdc8a60aa2
SHA1

afdad883f5d54fc946f14659fcea32ebdff8b774
SHA256

ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b
SHA512

4b72805780308a31214877d9ad6be64e3c162e0a136432c4401cdeef72566523b9ea3de3f073dfb14ba96584ae58964fefeba855843015ed3a47fb95827949ed
SSDEEP

6144:WF0NzItWU8Jh7/oRlZaNeo0Ay4oqiM3gr9bvO:W60k/oFCry4oqiM329b2

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1620 set thread context of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82
PID 1620 wrote to memory of 628	1620	ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe	82

C:\Users\Admin\AppData\Local\Temp\ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe
"C:\Users\Admin\AppData\Local\Temp\ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe
  "C:\Users\Admin\AppData\Local\Temp\ab09213c63f299239ba186ab3039e1e0f664fbb494f141a07daa13dab76e3d0b.exe"
  2⤵
  PID:628

memory/628-134-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/628-137-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1620-132-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1620-136-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download