5d59290a5a80f52cba944d47cf09a084c32aa9ebc271c1d17f6ccdbbdbb7ee45

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2023, 21:25

Target

file.exe
Size

393KB
MD5

06a6e879e606c6e08e59f44a87dd5ad9
SHA1

06da3cac9431a3ebea33c3f3071fb9db29f36fcc
SHA256

5d59290a5a80f52cba944d47cf09a084c32aa9ebc271c1d17f6ccdbbdbb7ee45
SHA512

7dba0cb286e1b0ed588715463b40f4bb6be3982db12040da0d07de137a464961f7cf29f5e5a146b4d70f1cdfeccdc3422620c7246657be15e2172571f5c027fe
SSDEEP

6144:ENxjEk2jicP5iOo2T8VrSd/sUAOeklrnLRvFN1BYTCONg/l/IQFjH1Sa:ENxtqiG59ou4k5LRF+WOkVBH1Sa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1728 set thread context of 3776	1728	file.exe	87

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 4052	1728	file.exe	86
PID 1728 wrote to memory of 4052	1728	file.exe	86
PID 1728 wrote to memory of 4052	1728	file.exe	86
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87
PID 1728 wrote to memory of 3776	1728	file.exe	87

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:4052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3776

memory/3776-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3776-1-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3776-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3776-3-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3776-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download