1577287922a1b08645cf00e9f4c9f0ccfa142810b544de2c9783fbe057ae59cf

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:15

Target

33c791c825b95c3a368598e4021ce4cc.exe
Size

598KB
MD5

33c791c825b95c3a368598e4021ce4cc
SHA1

d30da82f169b0030a843cad49bfd95bd97b38cc4
SHA256

1577287922a1b08645cf00e9f4c9f0ccfa142810b544de2c9783fbe057ae59cf
SHA512

d72d6530ae6d89c9ac55e579e3a383a8ce9b31a1347de7363447632667e343ca6dc56bc1baf13c6a12171f678c17e10aaa2f03db17dad9d3a264b3592ed4980d
SSDEEP

12288:SezSFTOrj+5uCcAWkO0NV5RXn1oK0w/Mh:yTOrLB0rXGK0w2

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1264	1768	33c791c825b95c3a368598e4021ce4cc.exe	29
PID 1768 wrote to memory of 1264	1768	33c791c825b95c3a368598e4021ce4cc.exe	29
PID 1768 wrote to memory of 1264	1768	33c791c825b95c3a368598e4021ce4cc.exe	29
PID 1768 wrote to memory of 1264	1768	33c791c825b95c3a368598e4021ce4cc.exe	29
PID 1768 wrote to memory of 3056	1768	33c791c825b95c3a368598e4021ce4cc.exe	28
PID 1768 wrote to memory of 3056	1768	33c791c825b95c3a368598e4021ce4cc.exe	28
PID 1768 wrote to memory of 3056	1768	33c791c825b95c3a368598e4021ce4cc.exe	28
PID 1768 wrote to memory of 3056	1768	33c791c825b95c3a368598e4021ce4cc.exe	28

C:\Users\Admin\AppData\Local\Temp\33c791c825b95c3a368598e4021ce4cc.exe
"C:\Users\Admin\AppData\Local\Temp\33c791c825b95c3a368598e4021ce4cc.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Users\Admin\AppData\Local\Temp\33c791c825b95c3a368598e4021ce4cc.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3056
- C:\Users\Admin\AppData\Local\Temp\33c791c825b95c3a368598e4021ce4cc.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1264

memory/1264-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1264-11-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1264-10-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1264-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1768-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1768-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1768-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1768-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1768-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1768-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/3056-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3056-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3056-12-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download