fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8

Analysis

max time kernel
128s
max time network
131s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
17/09/2023, 14:15

Target

fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe
Size

371KB
MD5

b1ef4b1bc6f512f6305216bcb551379b
SHA1

8b6b7623d1a0b4eea9dcb31d624b9594456f5498
SHA256

fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8
SHA512

f89b74f78922409b87d2a3cf22ced9c4d8ef6da3a82f3b8b2a5f2a00cd70677b3c885e9a639c6fd969bc92aa829c1586e2d2966773c0321a10998fb9aced7205
SSDEEP

6144:h3vJm09zORs+z/TMify9DAO7gQkXBayKaExjm+UN8/:hfw09CK5Nan4MExjm+UN8/

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3068 set thread context of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69
PID 3068 wrote to memory of 3212	3068	fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe	69

C:\Users\Admin\AppData\Local\Temp\fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe
"C:\Users\Admin\AppData\Local\Temp\fcde27be49aa9f5c308a55473aeb0cdad092621a34becfd652f8bb28e79cebc8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3212

memory/3212-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3212-3-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3212-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3212-5-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/3212-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download