f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 15:58

Target

f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe
Size

194KB
MD5

695124d41cd7ab3e1292688558ce7ae6
SHA1

20a403c601c771b2531879cb1514a881b06898d5
SHA256

f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25
SHA512

d9084b911f74ab9cc58d0770c591e9d1ae6149a1f1f09f25fb7181c7986c205f895b866dbdf14f4628317279e2146bb51bdaa2453732635455cc1ffeee7d7905
SSDEEP

6144:W4G7bTJV+HisaJ1v+Yge23sgQE/xqn+Kr:ASHK1g19er

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4616	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\web\wallpaper.pif	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe
File created	C:\Windows\web\wallpaper.pif	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4616 wrote to memory of 924	4616	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe	80
PID 4616 wrote to memory of 924	4616	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe	80
PID 4616 wrote to memory of 924	4616	f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe	80

C:\Users\Admin\AppData\Local\Temp\f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe
"C:\Users\Admin\AppData\Local\Temp\f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4616
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\f6efac5f3fe46860c39f3035925f74fde3a515994fd5e8eecb212662392c9c25.exe"
  2⤵
  PID:924

memory/4616-132-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4616-133-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4616-135-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download