e66bc83af800b01ac60f1ee8d89df70c6db7e7af3f4073c657779187299d9733

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
15/10/2023, 19:54

Target

ce742d7f0684e86267db8c4cb9d73640_console.exe
Size

2.0MB
MD5

ce742d7f0684e86267db8c4cb9d73640
SHA1

fd7a4c90276080104568fb44fd09d082c5c94a79
SHA256

e66bc83af800b01ac60f1ee8d89df70c6db7e7af3f4073c657779187299d9733
SHA512

7b5194ce0a6815f04b602157cf6dea6059eb191dd070009e29f0060845b57f1a2de199a9ea273402827ac3f6accbdc53077623c04d46b016bab231131b241297
SSDEEP

49152:2Q/nwlRsSLc6wP0Yg9jvtD1bSsR4DqXUkFxtwm:25c6wPGFxtwm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5084 set thread context of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83
PID 5084 wrote to memory of 976	5084	ce742d7f0684e86267db8c4cb9d73640_console.exe	83

C:\Users\Admin\AppData\Local\Temp\ce742d7f0684e86267db8c4cb9d73640_console.exe
"C:\Users\Admin\AppData\Local\Temp\ce742d7f0684e86267db8c4cb9d73640_console.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Users\Admin\AppData\Local\Temp\ce742d7f0684e86267db8c4cb9d73640_console.exe
  C:\Users\Admin\AppData\Local\Temp\ce742d7f0684e86267db8c4cb9d73640_console.exe
  2⤵
  PID:976

memory/976-0-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-3-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-6-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-5-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-7-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-4-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/976-8-0x0000000000400000-0x000000000063F000-memory.dmp

Filesize
2.2MB

Download
memory/5084-1-0x00007FF6FEBD0000-0x00007FF6FEDCC000-memory.dmp

Filesize
2.0MB

Download