9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d

Analysis

max time kernel
116s
max time network
122s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
30/10/2023, 14:02

Target

9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe
Size

1.1MB
MD5

27c69de826c44f09dfb3ea0a7b291b10
SHA1

7b411f153331c64be8c7cd12d34ba57872658deb
SHA256

9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d
SHA512

7dd3935b993715c5f9d87a60256286e89fc6bb8fbc1c5fa02ceb31ee3f688652e93d0c6935371b8d9713ceb47911ae82a1db78da3a3732d5445ed7d84efb2bdc
SSDEEP

12288:wE68cKlqpYmtww5o7a0dY71eC+8/yqkOIZHEff7eKgru+CVzhdwQmTfkNEfT9S:wilmtww5o7a0dGD5/yDZIi1Q6GEfT

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3816 set thread context of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71
PID 3816 wrote to memory of 3424	3816	9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe	71

C:\Users\Admin\AppData\Local\Temp\9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe
"C:\Users\Admin\AppData\Local\Temp\9ff4e665d811318eabbb1ea05817b74ba92f06a5411b874c72c808840d5b9b4d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:3424

memory/3424-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3424-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3424-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3424-5-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3424-6-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download