201082433a6dc77f2a1f630abaaaef518a545124375a551d1ecbb18041871ab0

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:17

Target

3f83ee1f8c05107203da724a277febed.exe
Size

607KB
MD5

3f83ee1f8c05107203da724a277febed
SHA1

5baa1676f1741e3ac6d55dcac71d0646c92d8128
SHA256

201082433a6dc77f2a1f630abaaaef518a545124375a551d1ecbb18041871ab0
SHA512

927a2795506b3172a56dae4334730ae5573fde1cf1d1d844b4102d8dfde7e8a8324aa73c332eb29ecac009dde94fc1e7f878592fdd9119131511ca2de6dfe528
SSDEEP

12288:5MjLCBZHBUn2YcHjEseTmelSihwL2e2npsGO1Dtu3Mi5fdNqv+vOUEPM8:ejLSFBUnqEseTme8Q7p3GDtcMitdK+2/

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2880	2856	3f83ee1f8c05107203da724a277febed.exe	18
PID 2856 wrote to memory of 2880	2856	3f83ee1f8c05107203da724a277febed.exe	18
PID 2856 wrote to memory of 2880	2856	3f83ee1f8c05107203da724a277febed.exe	18
PID 2856 wrote to memory of 2880	2856	3f83ee1f8c05107203da724a277febed.exe	18
PID 2856 wrote to memory of 2280	2856	3f83ee1f8c05107203da724a277febed.exe	17
PID 2856 wrote to memory of 2280	2856	3f83ee1f8c05107203da724a277febed.exe	17
PID 2856 wrote to memory of 2280	2856	3f83ee1f8c05107203da724a277febed.exe	17
PID 2856 wrote to memory of 2280	2856	3f83ee1f8c05107203da724a277febed.exe	17

C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
"C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2280
- C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2880

memory/2280-9-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2280-13-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2280-16-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2856-5-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2856-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2856-2-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2856-6-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2856-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2856-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2856-17-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2880-12-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2880-11-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2880-14-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2880-10-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2880-8-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2880-15-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download