224ebf3a7935f639628dc6229f13ffba2e20db59498b9eb57ecaf32aaa488837

Analysis

max time kernel
9s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:39

Target

2dccc7806f75ca1ec7b4b35fd6db6ad6.exe
Size

605KB
MD5

2dccc7806f75ca1ec7b4b35fd6db6ad6
SHA1

d8679e286405be3ce77d4cd92710dbe403db3703
SHA256

224ebf3a7935f639628dc6229f13ffba2e20db59498b9eb57ecaf32aaa488837
SHA512

47ee5ebdfdd8cdf41f78787f88b255523a17eaba79cd80d669b20c0e6e2ddbe4831cddef66fc05b93bb7a0fd96afb41bd142b674141ab014f3f6f225b670e80e
SSDEEP

12288:UqSKQ3lJS8cnajPVCYz9NinfzO1Dtu3Mi5EOCUQ2PgMa:GKElJYnarT9N+fzGDtcMieOttP6

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 3156	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	23
PID 1184 wrote to memory of 3156	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	23
PID 1184 wrote to memory of 3156	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	23
PID 1184 wrote to memory of 1960	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	21
PID 1184 wrote to memory of 1960	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	21
PID 1184 wrote to memory of 1960	1184	2dccc7806f75ca1ec7b4b35fd6db6ad6.exe	21

C:\Users\Admin\AppData\Local\Temp\2dccc7806f75ca1ec7b4b35fd6db6ad6.exe
"C:\Users\Admin\AppData\Local\Temp\2dccc7806f75ca1ec7b4b35fd6db6ad6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Users\Admin\AppData\Local\Temp\2dccc7806f75ca1ec7b4b35fd6db6ad6.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1960
- C:\Users\Admin\AppData\Local\Temp\2dccc7806f75ca1ec7b4b35fd6db6ad6.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3156

memory/1184-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1184-5-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1184-3-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1184-2-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/1184-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1960-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1960-10-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3156-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3156-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3156-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download