161881dff399d5285aefea8107a3fbb5d3243f1110279de98f6f1bd53f6e4772

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 22:36

Target

05cbede42bd34d43411a6b8f5d0677fb.exe
Size

21KB
MD5

05cbede42bd34d43411a6b8f5d0677fb
SHA1

2e6d186a560e1eed6ebd66ec3491e68cbab0858c
SHA256

161881dff399d5285aefea8107a3fbb5d3243f1110279de98f6f1bd53f6e4772
SHA512

cf6ca46d9448126ad87055ce648c5b13fff8edb1e7bd34e04824e1a14679be3b4e433bd47e690750cf521611435abd56c826c10b760d3c5f8040c197dede15b7
SSDEEP

384:kn2s3RFjfXOftLkABlImNAUtIYyBmwCTjfVhGCK2R7H7t5TNI5+rhrY5:TirftolIm4GwCTjfVB7/W5OY

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3980 set thread context of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15
PID 3980 wrote to memory of 3392	3980	05cbede42bd34d43411a6b8f5d0677fb.exe	15

C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe
"C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe
  "C:\Users\Admin\AppData\Local\Temp\05cbede42bd34d43411a6b8f5d0677fb.exe"
  2⤵
  PID:3392

memory/3392-8-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-9-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-4-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-3-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-1-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3392-10-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3980-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/3980-6-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download