201082433a6dc77f2a1f630abaaaef518a545124375a551d1ecbb18041871ab0

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:17

Target

3f83ee1f8c05107203da724a277febed.exe
Size

607KB
MD5

3f83ee1f8c05107203da724a277febed
SHA1

5baa1676f1741e3ac6d55dcac71d0646c92d8128
SHA256

201082433a6dc77f2a1f630abaaaef518a545124375a551d1ecbb18041871ab0
SHA512

927a2795506b3172a56dae4334730ae5573fde1cf1d1d844b4102d8dfde7e8a8324aa73c332eb29ecac009dde94fc1e7f878592fdd9119131511ca2de6dfe528
SSDEEP

12288:5MjLCBZHBUn2YcHjEseTmelSihwL2e2npsGO1Dtu3Mi5fdNqv+vOUEPM8:ejLSFBUnqEseTme8Q7p3GDtcMitdK+2/

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3580 wrote to memory of 3300	3580	3f83ee1f8c05107203da724a277febed.exe	22
PID 3580 wrote to memory of 3300	3580	3f83ee1f8c05107203da724a277febed.exe	22
PID 3580 wrote to memory of 3300	3580	3f83ee1f8c05107203da724a277febed.exe	22
PID 3580 wrote to memory of 2040	3580	3f83ee1f8c05107203da724a277febed.exe	21
PID 3580 wrote to memory of 2040	3580	3f83ee1f8c05107203da724a277febed.exe	21
PID 3580 wrote to memory of 2040	3580	3f83ee1f8c05107203da724a277febed.exe	21

C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
"C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3580
- C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2040
- C:\Users\Admin\AppData\Local\Temp\3f83ee1f8c05107203da724a277febed.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3300

memory/2040-5-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2040-11-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2040-14-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2040-10-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3300-13-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3300-12-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3300-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3300-9-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3580-8-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/3580-6-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3580-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3580-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3580-2-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/3580-3-0x0000000000750000-0x0000000000751000-memory.dmp

Filesize
4KB

Download