22ea0fdebde75b08c7f6c47269920b321db529fa87513f9b8879903ec8c157bd

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31/10/2023, 01:31

Target

cryogen.exe
Size

13.0MB
MD5

26879ebe5992401f17bef095db5fd117
SHA1

b5b6098267678e0cd8e9633295747c094fcf87a6
SHA256

22ea0fdebde75b08c7f6c47269920b321db529fa87513f9b8879903ec8c157bd
SHA512

1fc02710940a6d4e9efa01426d6c1758df2cb16827d7844c2f78be616d307499906e269ebc3bca8634bc3d87ec5ce6867ac4a018c81187529a95b20b9dff392c
SSDEEP

196608:259wH3QibaKlPxU4KnZhBUEDNBKfTm3tdLFg2j4Ofd/hZ9934k0aAZJ1Bu8M:AUQJ6W7UEDNoaRdjBfd/zD34Io1VM

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2428	1608	cryogen.exe	29
PID 1608 wrote to memory of 2428	1608	cryogen.exe	29
PID 1608 wrote to memory of 2428	1608	cryogen.exe	29
PID 2428 wrote to memory of 2720	2428	cryogen.exe	30
PID 2428 wrote to memory of 2720	2428	cryogen.exe	30
PID 2428 wrote to memory of 2720	2428	cryogen.exe	30

memory/1608-0-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/1608-2-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/1608-4-0x0000000140000000-0x0000000141795000-memory.dmp

Filesize
23.6MB

Download
memory/1608-5-0x0000000077E30000-0x0000000077E32000-memory.dmp

Filesize
8KB

Download
memory/1608-6-0x0000000140000000-0x0000000141795000-memory.dmp

Filesize
23.6MB

Download
memory/1608-11-0x0000000140000000-0x0000000141795000-memory.dmp

Filesize
23.6MB

Download
memory/2428-17-0x0000000140000000-0x0000000141795000-memory.dmp

Filesize
23.6MB

Download
memory/2428-22-0x0000000140000000-0x0000000141795000-memory.dmp

Filesize
23.6MB

Download