a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389

Analysis

max time kernel
127s
max time network
131s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
30/10/2023, 21:06

Target

a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe
Size

1.1MB
MD5

67f1c3587ae60e63b030e4c72bc0ec0b
SHA1

982dd26f4665be8550c6c58f084206dd36f33606
SHA256

a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389
SHA512

a65019dba2050fb83c8d2a70170cf7ea7171c6718a68b4b9d27e67e229bac480a8c6ccd2011841247d66718da84ac2f8808e89e51fd62b69a57b937831203084
SSDEEP

12288:1q68kK9qAYmtww5o7a0dYbNGK+8/yiEmIZH1Pfrmqgbu+C8Eea3OidX6si9fGB71:14amtww5o7a0dmr5/yTZ16aea3Oi8HQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4124 set thread context of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70
PID 4124 wrote to memory of 2744	4124	a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe	70

C:\Users\Admin\AppData\Local\Temp\a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe
"C:\Users\Admin\AppData\Local\Temp\a79b401687c15d498a98262f5aaed10e63f9b412dab200e67bc8fa944d0b2389.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4124
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:2744

memory/2744-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2744-4-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2744-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2744-5-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2744-6-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download