1430db15a80a29772035a60227be41b1776b2f42d4bf99a3cc002cbb4f797b89

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 19:41

Target

38bf84b90ac595bef69dd1f65738552c.exe
Size

618KB
MD5

38bf84b90ac595bef69dd1f65738552c
SHA1

25350a7e185b8334ab2cea631c19f45a7db2b023
SHA256

1430db15a80a29772035a60227be41b1776b2f42d4bf99a3cc002cbb4f797b89
SHA512

707f0809de07c1155517d60c1f31837336a74a370ff74e4c321ea32c2850b84fc519e6ddea46af4ec8b523939407da202a3a19882f2023d89e4f740cb727a5f0
SSDEEP

12288:Fi3WLfGepVs8GRrymnfWuYXf3u4unv5Jv0G4n7ENhMr:Ze+VgR+mnuuYv3u485doEY

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1984	2416	38bf84b90ac595bef69dd1f65738552c.exe	16
PID 2416 wrote to memory of 1984	2416	38bf84b90ac595bef69dd1f65738552c.exe	16
PID 2416 wrote to memory of 1984	2416	38bf84b90ac595bef69dd1f65738552c.exe	16
PID 2416 wrote to memory of 1984	2416	38bf84b90ac595bef69dd1f65738552c.exe	16
PID 2416 wrote to memory of 2308	2416	38bf84b90ac595bef69dd1f65738552c.exe	15
PID 2416 wrote to memory of 2308	2416	38bf84b90ac595bef69dd1f65738552c.exe	15
PID 2416 wrote to memory of 2308	2416	38bf84b90ac595bef69dd1f65738552c.exe	15
PID 2416 wrote to memory of 2308	2416	38bf84b90ac595bef69dd1f65738552c.exe	15

C:\Users\Admin\AppData\Local\Temp\38bf84b90ac595bef69dd1f65738552c.exe
watch
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2308

C:\Users\Admin\AppData\Local\Temp\38bf84b90ac595bef69dd1f65738552c.exe
start
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:1984

memory/1984-11-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1984-10-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1984-8-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1984-6-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2308-7-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2308-9-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2308-12-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2416-5-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2416-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2416-0-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2416-4-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2416-1-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2416-13-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download