23d3d13368fc37fc2d140427fdb07308bc45725bd666236b32dfe7967c3c3532

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:17

Target

33e7aecab043e12ce9011d07868c26c6.exe
Size

602KB
MD5

33e7aecab043e12ce9011d07868c26c6
SHA1

e053d51385d7974b62d056ac6caa8b2a756f22fc
SHA256

23d3d13368fc37fc2d140427fdb07308bc45725bd666236b32dfe7967c3c3532
SHA512

30242efc938f5972541ebb00fcc523355f3e8861fcfa28afed952cde19b3605baf94a9c8bb788398bdf00a55e7252c32cd74e8f2c854a1e6b1de7a5cf96aee40
SSDEEP

12288:rJFjU0pftUFmi48M8gS9gTSO1Dtu3Mi5DoT4NYnq9N80EPM6:HwUftUR48BZGDtcMiJo8DEN

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2316	1128	33e7aecab043e12ce9011d07868c26c6.exe	29
PID 1128 wrote to memory of 2316	1128	33e7aecab043e12ce9011d07868c26c6.exe	29
PID 1128 wrote to memory of 2316	1128	33e7aecab043e12ce9011d07868c26c6.exe	29
PID 1128 wrote to memory of 2316	1128	33e7aecab043e12ce9011d07868c26c6.exe	29
PID 1128 wrote to memory of 1700	1128	33e7aecab043e12ce9011d07868c26c6.exe	28
PID 1128 wrote to memory of 1700	1128	33e7aecab043e12ce9011d07868c26c6.exe	28
PID 1128 wrote to memory of 1700	1128	33e7aecab043e12ce9011d07868c26c6.exe	28
PID 1128 wrote to memory of 1700	1128	33e7aecab043e12ce9011d07868c26c6.exe	28

C:\Users\Admin\AppData\Local\Temp\33e7aecab043e12ce9011d07868c26c6.exe
"C:\Users\Admin\AppData\Local\Temp\33e7aecab043e12ce9011d07868c26c6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Users\Admin\AppData\Local\Temp\33e7aecab043e12ce9011d07868c26c6.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1700
- C:\Users\Admin\AppData\Local\Temp\33e7aecab043e12ce9011d07868c26c6.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2316

memory/1128-3-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1128-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1128-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1128-5-0x00000000004A0000-0x000000000053B000-memory.dmp

Filesize
620KB

Download
memory/1700-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1700-10-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/1700-12-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2316-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2316-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2316-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2316-11-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download