518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676

Analysis

max time kernel
64s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2022, 23:31

Target

518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe
Size

923KB
MD5

e3dd3606cec2635e2c938d145e2e7fcd
SHA1

1c3d8912a745080c164f24e075e95554d2761e54
SHA256

518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676
SHA512

a084b1514299f6030dd2276dc06477b54df5f39245e6cbdccc19185d95bd7974229b82f2022442a25b4191fe959f4a770495050d9b95e2d2b52c6352b226be3d
SSDEEP

12288:xIGAvAOr18CfCeGDRqn/MzetFCwrT92aSxNhlngQU9LxS2WlpbTvI:2GAIKyCfCFDgn0eFBN2awlgrMplRI

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4572 set thread context of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe
Token: SeDebugPrivilege	3324	AppLaunch.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79
PID 4572 wrote to memory of 3324	4572	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	79

C:\Users\Admin\AppData\Local\Temp\518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe
"C:\Users\Admin\AppData\Local\Temp\518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3324

memory/3324-134-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/3324-135-0x0000000008000000-0x00000000085A4000-memory.dmp

Filesize
5.6MB

Download
memory/3324-136-0x0000000007AF0000-0x0000000007B82000-memory.dmp

Filesize
584KB

Download
memory/3324-137-0x0000000007AD0000-0x0000000007ADA000-memory.dmp

Filesize
40KB

Download
memory/3324-138-0x000000000A950000-0x000000000A9B6000-memory.dmp

Filesize
408KB

Download
memory/4572-132-0x0000000000EC0000-0x0000000000FAC000-memory.dmp

Filesize
944KB

Download