14e693e6ccc07ac0d3c326bc3898b1de9043925ea2a078fcbcddbf8125cc2320

Analysis

max time kernel
122s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 21:05

Target

3cb3ee487c893bbc835892e2a10e0d89.exe
Size

618KB
MD5

3cb3ee487c893bbc835892e2a10e0d89
SHA1

cbb8b419589f94cbbdfda120d0fe84ab438cf314
SHA256

14e693e6ccc07ac0d3c326bc3898b1de9043925ea2a078fcbcddbf8125cc2320
SHA512

b9c67aa4dc40b0108d91700516be4450c4280b49fea67c8d91b610e597f3cbda8ced4e57ec07321f913a04b46486dda7522c284e7b189a0093eb14f88f694f59
SSDEEP

12288:VwnwzwWdzkfGrCit5CI1jhywbuowPa3u4uc65Jv0q4n7ENhMs:Kwzw0CkIc9wS3u4g5JoEX

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2144	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	27
PID 2120 wrote to memory of 2144	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	27
PID 2120 wrote to memory of 2144	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	27
PID 2120 wrote to memory of 2144	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	27
PID 2120 wrote to memory of 2680	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	28
PID 2120 wrote to memory of 2680	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	28
PID 2120 wrote to memory of 2680	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	28
PID 2120 wrote to memory of 2680	2120	3cb3ee487c893bbc835892e2a10e0d89.exe	28

C:\Users\Admin\AppData\Local\Temp\3cb3ee487c893bbc835892e2a10e0d89.exe
"C:\Users\Admin\AppData\Local\Temp\3cb3ee487c893bbc835892e2a10e0d89.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Users\Admin\AppData\Local\Temp\3cb3ee487c893bbc835892e2a10e0d89.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2144
- C:\Users\Admin\AppData\Local\Temp\3cb3ee487c893bbc835892e2a10e0d89.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2680

memory/2120-0-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2120-1-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2120-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2120-5-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/2120-3-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2120-10-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/2144-6-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2144-8-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2680-7-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2680-9-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download