10a176f12611bbbf211c82cf674883527f981028e12234b82819073b1244d95b

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:12

Target

11344325b0e0126f35b170fc2fbaa4bc.exe
Size

606KB
MD5

11344325b0e0126f35b170fc2fbaa4bc
SHA1

2170ede9f08ef2abf1d669b8bc5d8c978aaa1b4d
SHA256

10a176f12611bbbf211c82cf674883527f981028e12234b82819073b1244d95b
SHA512

e5382a4f8ef9392b8f6abbf5feec517e943b2d804d87fe0bced87943f7fbd02d6350f760ee3c990e4433219fab2f41ffd33b604f0d3f7d8d55bb8afb2fcc2b68
SSDEEP

12288:v7vgHZvpwJWlYI3u4uy/ouC8SLneo6NjMrk:Lg5xU23u4UgSzZ6ik

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 3284	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	92
PID 1172 wrote to memory of 3284	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	92
PID 1172 wrote to memory of 3284	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	92
PID 1172 wrote to memory of 2144	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	91
PID 1172 wrote to memory of 2144	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	91
PID 1172 wrote to memory of 2144	1172	11344325b0e0126f35b170fc2fbaa4bc.exe	91

C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
"C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2144
- C:\Users\Admin\AppData\Local\Temp\11344325b0e0126f35b170fc2fbaa4bc.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3284

memory/1172-8-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1172-1-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1172-3-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/1172-5-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1172-2-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1172-4-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1172-0-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2144-11-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2144-7-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2144-15-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2144-16-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/3284-10-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/3284-12-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/3284-9-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/3284-13-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download