10a176f12611bbbf211c82cf674883527f981028e12234b82819073b1244d95b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 08:12

Target

11344325b0e0126f35b170fc2fbaa4bc.exe
Size

606KB
MD5

11344325b0e0126f35b170fc2fbaa4bc
SHA1

2170ede9f08ef2abf1d669b8bc5d8c978aaa1b4d
SHA256

10a176f12611bbbf211c82cf674883527f981028e12234b82819073b1244d95b
SHA512

e5382a4f8ef9392b8f6abbf5feec517e943b2d804d87fe0bced87943f7fbd02d6350f760ee3c990e4433219fab2f41ffd33b604f0d3f7d8d55bb8afb2fcc2b68
SSDEEP

12288:v7vgHZvpwJWlYI3u4uy/ouC8SLneo6NjMrk:Lg5xU23u4UgSzZ6ik

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2324	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	29
PID 2156 wrote to memory of 2324	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	29
PID 2156 wrote to memory of 2324	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	29
PID 2156 wrote to memory of 2324	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	29
PID 2156 wrote to memory of 2332	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	28
PID 2156 wrote to memory of 2332	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	28
PID 2156 wrote to memory of 2332	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	28
PID 2156 wrote to memory of 2332	2156	11344325b0e0126f35b170fc2fbaa4bc.exe	28

C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
"C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2332
- C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2324

memory/2156-6-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2156-1-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2156-2-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2156-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2156-14-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2156-7-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2156-0-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2324-11-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2324-8-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2324-4-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2324-12-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2332-9-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2332-10-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2332-13-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2332-5-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download