4b9467bb99cd44ff12bb3cdde99db5d26e0e5ac7fdec3cd790529d71fae43dbd

Analysis

max time kernel
127s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/08/2023, 02:13

Target

f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
Size

660KB
MD5

cd88bacf312e7e4b45258af81ce8048b
SHA1

f18cc032c483b6d94b856f7150e25f41509e59b6
SHA256

f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079
SHA512

cdc7007c2589ccc19cbbe286c8c0d5077d7118a2f7cb34bf735aff29f7e1b890bcf677ba1ef82b112ed2333a0108541a95b1c4461d8ea42fa2672b7bc7adcdd7
SSDEEP

12288:aFcNtV/Op3VXEGFXglxxsITSMrfslboO/Qo7vneSyBc7TqSYk+:vN6dxE9uqrOdPeSiwT2v

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3852 set thread context of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3332	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
3332	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89
PID 3852 wrote to memory of 3332	3852	f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe	89

C:\Users\Admin\AppData\Local\Temp\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
"C:\Users\Admin\AppData\Local\Temp\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Users\Admin\AppData\Local\Temp\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
  "C:\Users\Admin\AppData\Local\Temp\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332

memory/3332-142-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3332-146-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/3332-145-0x0000000001520000-0x000000000186A000-memory.dmp

Filesize
3.3MB

Download
memory/3852-136-0x0000000004C50000-0x0000000004CE2000-memory.dmp

Filesize
584KB

Download
memory/3852-137-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/3852-138-0x0000000004BE0000-0x0000000004BEA000-memory.dmp

Filesize
40KB

Download
memory/3852-139-0x0000000004ED0000-0x0000000004F6C000-memory.dmp

Filesize
624KB

Download
memory/3852-140-0x0000000075260000-0x0000000075A10000-memory.dmp

Filesize
7.7MB

Download
memory/3852-141-0x0000000004EC0000-0x0000000004ED0000-memory.dmp

Filesize
64KB

Download
memory/3852-133-0x0000000075260000-0x0000000075A10000-memory.dmp

Filesize
7.7MB

Download
memory/3852-144-0x0000000075260000-0x0000000075A10000-memory.dmp

Filesize
7.7MB

Download
memory/3852-135-0x0000000005360000-0x0000000005904000-memory.dmp

Filesize
5.6MB

Download
memory/3852-134-0x0000000000140000-0x00000000001EC000-memory.dmp

Filesize
688KB

Download