20d9e3fd9ab84238ca7d2399bef069530b88bde26c68c828551d72b531666db5

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 01:22

Target

48f49cd87025c76ca4d4ed34173633f2.exe
Size

606KB
MD5

48f49cd87025c76ca4d4ed34173633f2
SHA1

98b6fc6166191e946929ce880d15783bdd5c1c75
SHA256

20d9e3fd9ab84238ca7d2399bef069530b88bde26c68c828551d72b531666db5
SHA512

757b4b06031ab75e00622e1a315e590958147bf0f28fe941718af07f3283413a953c4a01daa7cfd7b4c986e96eed91983c219010c85f0134ba85a4e9a668638b
SSDEEP

12288:vJm5Pb6ZdEOHiI/GIf4m3u4uLEuC8SLneo6NjMX:Rc6QmGI/3u4VgSzZ6K

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 456 wrote to memory of 4944	456	48f49cd87025c76ca4d4ed34173633f2.exe	18
PID 456 wrote to memory of 4944	456	48f49cd87025c76ca4d4ed34173633f2.exe	18
PID 456 wrote to memory of 4944	456	48f49cd87025c76ca4d4ed34173633f2.exe	18
PID 456 wrote to memory of 1504	456	48f49cd87025c76ca4d4ed34173633f2.exe	17
PID 456 wrote to memory of 1504	456	48f49cd87025c76ca4d4ed34173633f2.exe	17
PID 456 wrote to memory of 1504	456	48f49cd87025c76ca4d4ed34173633f2.exe	17

C:\Users\Admin\AppData\Local\Temp\48f49cd87025c76ca4d4ed34173633f2.exe
"C:\Users\Admin\AppData\Local\Temp\48f49cd87025c76ca4d4ed34173633f2.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:456
- C:\Users\Admin\AppData\Local\Temp\48f49cd87025c76ca4d4ed34173633f2.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1504
- C:\Users\Admin\AppData\Local\Temp\48f49cd87025c76ca4d4ed34173633f2.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4944

memory/456-8-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/456-1-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/456-2-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/456-6-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/456-0-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/456-3-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1504-10-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1504-14-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1504-5-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/1504-16-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/4944-12-0x0000000002180000-0x0000000002181000-memory.dmp

Filesize
4KB

Download
memory/4944-11-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/4944-9-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/4944-13-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/4944-4-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/4944-15-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download