208e42b1956a361506d3d88fecc0c36210972fdee363b0901d056f907809b888

Analysis

max time kernel
140s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 13:15

Target

2108d1ca6a87274c8dca26b771b21e36.exe
Size

618KB
MD5

2108d1ca6a87274c8dca26b771b21e36
SHA1

60c1d78b2c648b877b9b7f604db0cd843220545b
SHA256

208e42b1956a361506d3d88fecc0c36210972fdee363b0901d056f907809b888
SHA512

ddc609961505ee92867ec04ff0d735df4987fa29f6825dcd824ae126ba479b0d9589dab0d680712656f363b3b429ef86cfcd665f3995c977189e7ab004a5f0cf
SSDEEP

12288:FGUcwDN5ZVLZxaRQkOGimvM3u4uqb5Jv0G4n7ENhMQ:YUcwR5zaRpHhk3u4D5doEz

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 1144	3924	2108d1ca6a87274c8dca26b771b21e36.exe	19
PID 3924 wrote to memory of 1144	3924	2108d1ca6a87274c8dca26b771b21e36.exe	19
PID 3924 wrote to memory of 1144	3924	2108d1ca6a87274c8dca26b771b21e36.exe	19
PID 3924 wrote to memory of 4960	3924	2108d1ca6a87274c8dca26b771b21e36.exe	18
PID 3924 wrote to memory of 4960	3924	2108d1ca6a87274c8dca26b771b21e36.exe	18
PID 3924 wrote to memory of 4960	3924	2108d1ca6a87274c8dca26b771b21e36.exe	18

C:\Users\Admin\AppData\Local\Temp\2108d1ca6a87274c8dca26b771b21e36.exe
"C:\Users\Admin\AppData\Local\Temp\2108d1ca6a87274c8dca26b771b21e36.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Users\Admin\AppData\Local\Temp\2108d1ca6a87274c8dca26b771b21e36.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4960
- C:\Users\Admin\AppData\Local\Temp\2108d1ca6a87274c8dca26b771b21e36.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1144

memory/1144-7-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1144-12-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1144-8-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1144-5-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1144-9-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/3924-4-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/3924-1-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/3924-2-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/3924-0-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/3924-3-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/3924-14-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/4960-10-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4960-11-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4960-13-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4960-6-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download