ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1

Analysis

max time kernel
174s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 20:57

Target

ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe
Size

728KB
MD5

740e01ca913de68ffc24998c1f003067
SHA1

e94c5e240c19a521601893aec8960aa66bfbe0c0
SHA256

ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1
SHA512

0414755bfd6596adf778e3a44367f93d3f410869bdd50098169f258013a0400114fda929a11658d7e57d8c385ac78ea935505c07c4485ac94339830c621bdd4f
SSDEEP

12288:i2iN4yiRJU/Wcg39C3GghIxojeowYOZE/aMfAgykwpubeVpI0lRXSq:i19FeXNC3Gg+xo6ZZEyMogyJube1Ri

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4512 set thread context of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3232	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe
3232	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101
PID 4512 wrote to memory of 3232	4512	ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe	101

C:\Users\Admin\AppData\Local\Temp\ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe
"C:\Users\Admin\AppData\Local\Temp\ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Users\Admin\AppData\Local\Temp\ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe
  "C:\Users\Admin\AppData\Local\Temp\ef6d2c44de401edb2099c5a718cd59d79df97294a8f2f32e2c0929d6aae2e3f1_JC.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3232

memory/3232-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3232-15-0x0000000001980000-0x0000000001CCA000-memory.dmp

Filesize
3.3MB

Download
memory/3232-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4512-4-0x00000000059F0000-0x0000000005A00000-memory.dmp

Filesize
64KB

Download
memory/4512-0-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/4512-5-0x00000000059D0000-0x00000000059DA000-memory.dmp

Filesize
40KB

Download
memory/4512-6-0x0000000005D40000-0x0000000005D5A000-memory.dmp

Filesize
104KB

Download
memory/4512-7-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/4512-8-0x00000000059F0000-0x0000000005A00000-memory.dmp

Filesize
64KB

Download
memory/4512-9-0x0000000006C90000-0x0000000006C9C000-memory.dmp

Filesize
48KB

Download
memory/4512-10-0x0000000008750000-0x00000000087CA000-memory.dmp

Filesize
488KB

Download
memory/4512-11-0x0000000009B40000-0x0000000009BDC000-memory.dmp

Filesize
624KB

Download
memory/4512-3-0x0000000005830000-0x00000000058C2000-memory.dmp

Filesize
584KB

Download
memory/4512-14-0x0000000074E50000-0x0000000075600000-memory.dmp

Filesize
7.7MB

Download
memory/4512-2-0x0000000005DE0000-0x0000000006384000-memory.dmp

Filesize
5.6MB

Download
memory/4512-1-0x0000000000D70000-0x0000000000E2C000-memory.dmp

Filesize
752KB

Download