10d0b8a16bdbb0decb2b06af983546121cb0a083df70dab0c31f6efae6cf3b09

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-01-2024 13:14

Target

3e93e498af2bb5b07d45c86c5315aca6.exe
Size

602KB
MD5

3e93e498af2bb5b07d45c86c5315aca6
SHA1

8552b3d35baee2393c4a488e504b75780d914379
SHA256

10d0b8a16bdbb0decb2b06af983546121cb0a083df70dab0c31f6efae6cf3b09
SHA512

c1a82d055fc09f598f755a0a93d32d6f51fb4d9d88e765b1638fec1185c19d7f60899fe60dc196b0b4af2d59f1f4be1857dc31cd0ebad527c80c97b1dbd2ea04
SSDEEP

6144:Y9isQOn60kjd5xQkF1PiL4kCZm1jxDUR7aN8RznQzsl15Ng44hyC3rnG5JFJ3DTm:Ysb/DbMNPfK35NkE5Rvd12KuA8MA

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1696	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	28
PID 1180 wrote to memory of 1696	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	28
PID 1180 wrote to memory of 1696	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	28
PID 1180 wrote to memory of 1696	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	28
PID 1180 wrote to memory of 2096	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	29
PID 1180 wrote to memory of 2096	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	29
PID 1180 wrote to memory of 2096	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	29
PID 1180 wrote to memory of 2096	1180	3e93e498af2bb5b07d45c86c5315aca6.exe	29

C:\Users\Admin\AppData\Local\Temp\3e93e498af2bb5b07d45c86c5315aca6.exe
"C:\Users\Admin\AppData\Local\Temp\3e93e498af2bb5b07d45c86c5315aca6.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\Temp\3e93e498af2bb5b07d45c86c5315aca6.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:1696
- C:\Users\Admin\AppData\Local\Temp\3e93e498af2bb5b07d45c86c5315aca6.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2096

memory/1180-0-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1180-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1180-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1180-3-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1180-6-0x00000000004A0000-0x000000000053C000-memory.dmp

Filesize
624KB

Download
memory/1180-5-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1180-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1696-7-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/1696-9-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2096-8-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2096-10-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download