d104644bef2cb054832ca683d47b1a975a4cb82fde249c3f4afc0b36dff2e81a

Analysis

max time kernel
541s
max time network
531s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 23:58

Target

document1.exe
Size

400.0MB
MD5

910f1487d983f7852948765edb527952
SHA1

481f0fd4ba70f3d8ff0aade90805ed1ecd8d9571
SHA256

d104644bef2cb054832ca683d47b1a975a4cb82fde249c3f4afc0b36dff2e81a
SHA512

5d2071d0652c53413d5ccb8d778fbbc7e73faa19ba7699c474cd684a5e39a0047fa3bbfbba08441e98a2e8c7818c11dd5f6efb7a119fa3d16301279829a1cc9a
SSDEEP

12288:L1llcJM1rRhQTN64LOfJDHBMYyLOCxatsaR:L1llkMvSNzEZhMYSOCxa2G

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2092 set thread context of 184	2092	document1.exe	108

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108
PID 2092 wrote to memory of 184	2092	document1.exe	108

C:\Users\Admin\AppData\Local\Temp\document1.exe
"C:\Users\Admin\AppData\Local\Temp\document1.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\document1.exe
  "C:\Users\Admin\AppData\Local\Temp\document1.exe"
  2⤵
  PID:184

memory/184-7-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/184-8-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/184-9-0x0000000005160000-0x00000000051FC000-memory.dmp

Filesize
624KB

Download
memory/184-10-0x0000000005310000-0x00000000053A2000-memory.dmp

Filesize
584KB

Download
memory/184-12-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-1-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-0-0x0000000000170000-0x000000000023C000-memory.dmp

Filesize
816KB

Download
memory/2092-2-0x0000000005130000-0x00000000056D4000-memory.dmp

Filesize
5.6MB

Download
memory/2092-3-0x0000000004B70000-0x0000000004B80000-memory.dmp

Filesize
64KB

Download
memory/2092-4-0x0000000074D40000-0x00000000754F0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-5-0x0000000004B70000-0x0000000004B80000-memory.dmp

Filesize
64KB

Download
memory/2092-6-0x0000000000800000-0x000000000084A000-memory.dmp

Filesize
296KB

Download