affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2023, 21:52

Target

affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe
Size

1.1MB
MD5

7a180ec9b8df96d14ed8fd0871f4def8
SHA1

357fdab46643ccd7ab4fe82bf063c4a82887e054
SHA256

affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d
SHA512

40d94828b867143a6004add8414d077fde470af8653cbdf213ab43b8a77124b6620a6a227010cae2042b25aad9c21776789034d370cc2db4cfa9848f884a3088
SSDEEP

24576:YxDmtww5o7a0dmT5/SzZgqwk6C5HPqPLGcQg:d5o7a0dCAz+k6C5HPqPa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3636 set thread context of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86
PID 3636 wrote to memory of 2956	3636	affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe	86

C:\Users\Admin\AppData\Local\Temp\affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe
"C:\Users\Admin\AppData\Local\Temp\affedc24d3ea9659fa91f95c9b5de669a7cacd27ee720a6791c493dffe4e1a8d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2956

memory/2956-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2956-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2956-2-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2956-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2956-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download