96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23/09/2023, 02:52

Target

96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe
Size

5.1MB
MD5

ee159605c7719de929ea2cde00d9548b
SHA1

bbaa7c18f63c4a5fc913c581452f8ef6880026e2
SHA256

96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f
SHA512

f5733fe39a52a67f9b7b5a7560241c403fc121730b424b9edfad15409cc9a309d3de31c2e5832a376c58a4039abcd7e7c35f660254892c6ab6f56afa2f3f38b2
SSDEEP

98304:3knMKAHojN6/WoirFJ3ddrVqkV9qy6CVf/T51nH3PgWUoi/MC:3NKAm6+tFXRVqkVLtfXH3Pp53

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe
1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe
1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1608	1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe	97
PID 1428 wrote to memory of 1608	1428	96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe	97

C:\Users\Admin\AppData\Local\Temp\96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe
"C:\Users\Admin\AppData\Local\Temp\96cdf92e9aee602138d0eb68a8579f98da5c96f5849d61bc8961a4405d33275f.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Uni7238.tmp.bat""
  2⤵
  PID:1608

C:\Users\Admin\AppData\Local\Temp\Uni7238.tmp.bat

Filesize
317B

MD5
2c0b7667bf5c9ce9798302cef469aa2f

SHA1
6e3725eb7bba7c9d4b6da73061ecdfec8231718d

SHA256
2ffa42269f135140b1fabe698dee4a0f067959fea0d77779707ed76cb78ebd2f

SHA512
8c17d3a976eae537c1b71d8579a0eeec6d7c715a4b69e5f2b12741343beea7ac1b51aa4718ad25ce2619ad0c9eaa0d55fa72f16cc26c8c6cfa50929054385260

Download Submit
memory/1428-0-0x00007FFB6D3B0000-0x00007FFB6D3B2000-memory.dmp

Filesize
8KB

Download
memory/1428-1-0x00007FFB6D3C0000-0x00007FFB6D3C2000-memory.dmp

Filesize
8KB

Download
memory/1428-2-0x00007FF747470000-0x00007FF747CB6000-memory.dmp

Filesize
8.3MB

Download
memory/1428-3-0x00007FFB6D3D0000-0x00007FFB6D3D2000-memory.dmp

Filesize
8KB

Download
memory/1428-4-0x00007FFB6BC30000-0x00007FFB6BC32000-memory.dmp

Filesize
8KB

Download
memory/1428-6-0x00007FFB6BC40000-0x00007FFB6BC42000-memory.dmp

Filesize
8KB

Download
memory/1428-5-0x00007FF747470000-0x00007FF747CB6000-memory.dmp

Filesize
8.3MB

Download
memory/1428-7-0x00007FFB6B020000-0x00007FFB6B022000-memory.dmp

Filesize
8KB

Download
memory/1428-8-0x00007FFB6B030000-0x00007FFB6B032000-memory.dmp

Filesize
8KB

Download
memory/1428-12-0x00007FF747470000-0x00007FF747CB6000-memory.dmp

Filesize
8.3MB

Download
memory/1428-16-0x00007FF747470000-0x00007FF747CB6000-memory.dmp

Filesize
8.3MB

Download