6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c

Analysis

max time kernel
91s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2023, 12:00

Target

6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe
Size

328KB
MD5

8a36d7e7bb50d669473e71b923eacf86
SHA1

49d79d74dcd5c8156a0921e565521d17e1143f3f
SHA256

6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c
SHA512

b23af9933f277a45808c9c61974236fcc49e3b8bf55d9902a80132625b737e07ea8b3c54577df8d6c5637df858320c7b6f9da0364b7d750103e2e82b353f2eb2
SSDEEP

6144:JDZrUxBda9xwyHlCiLaA+aqHxLsHjXTCg1T4q2F/2Ql9fW6:lZraBdKweC2aA+aqRLsTTCI++Ql9fW6

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2604 set thread context of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82
PID 2604 wrote to memory of 1768	2604	6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe	82

C:\Users\Admin\AppData\Local\Temp\6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe
"C:\Users\Admin\AppData\Local\Temp\6861840fcae37e11c52d277fc27cbdd83457ab49f1e36cc43c3f131a78eb8a5c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1768

memory/1768-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1768-3-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1768-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1768-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1768-4-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download