9afc08c1d0239012052fa257079be04b519651124ee3ecb51c564552fa85cabc

Analysis

max time kernel
138s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:19

Target

27e192d1b8689d7a83c7282e196410bc.exe
Size

408KB
MD5

27e192d1b8689d7a83c7282e196410bc
SHA1

2285a100a1b598cd538452994baa765cec3ae3d4
SHA256

9afc08c1d0239012052fa257079be04b519651124ee3ecb51c564552fa85cabc
SHA512

2b8b41cdcd12db01c313f6b76f3d561e7a40066b2cd70ff15badeb6634d8746f62a77924fbeca170efac48ae4c3ede7b9baca4114f3239b27ded2879ae496abe
SSDEEP

12288:RAvFG3axzFHhmuXi2+Qf4pW4ZCpc1/xNIj:RAdMaxzFouXi2+6CMc1Mj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1268 set thread context of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	27e192d1b8689d7a83c7282e196410bc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	27e192d1b8689d7a83c7282e196410bc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90
PID 1268 wrote to memory of 1860	1268	27e192d1b8689d7a83c7282e196410bc.exe	90

C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
"C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe"
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
  C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
  2⤵
  PID:1860

memory/1268-0-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/1268-6-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/1860-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1860-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1860-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1860-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1860-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1860-9-0x0000000000410000-0x00000000004D9000-memory.dmp

Filesize
804KB

Download
memory/1860-8-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download