23ec373ad536ca107efa09ee750c95c142c67832e16e917895882bec1ae2cadd

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 19:04

Target

46f797bc3321dc36a005fc630266760c.exe
Size

607KB
MD5

46f797bc3321dc36a005fc630266760c
SHA1

62f598813bc5f3f23007625fe5dff3d712a10de7
SHA256

23ec373ad536ca107efa09ee750c95c142c67832e16e917895882bec1ae2cadd
SHA512

93cd87effac74e6d9e471d968db88ac7be0c319616fa1839d5678d8c67d91c58bd63f4eba9163071c30eaa650cc8afcec6b14f0827e799782419d7d09d8e4e2f
SSDEEP

12288:914AytRFA+JC3Ru6LdIZqXMmjcWjv3BsNM:91ty3FFJCU6L2Zs1jvS

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2672	2116	46f797bc3321dc36a005fc630266760c.exe	27
PID 2116 wrote to memory of 2672	2116	46f797bc3321dc36a005fc630266760c.exe	27
PID 2116 wrote to memory of 2672	2116	46f797bc3321dc36a005fc630266760c.exe	27
PID 2116 wrote to memory of 2672	2116	46f797bc3321dc36a005fc630266760c.exe	27
PID 2116 wrote to memory of 2676	2116	46f797bc3321dc36a005fc630266760c.exe	28
PID 2116 wrote to memory of 2676	2116	46f797bc3321dc36a005fc630266760c.exe	28
PID 2116 wrote to memory of 2676	2116	46f797bc3321dc36a005fc630266760c.exe	28
PID 2116 wrote to memory of 2676	2116	46f797bc3321dc36a005fc630266760c.exe	28

C:\Users\Admin\AppData\Local\Temp\46f797bc3321dc36a005fc630266760c.exe
"C:\Users\Admin\AppData\Local\Temp\46f797bc3321dc36a005fc630266760c.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\46f797bc3321dc36a005fc630266760c.exe
  start
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2672
- C:\Users\Admin\AppData\Local\Temp\46f797bc3321dc36a005fc630266760c.exe
  watch
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2676

memory/2116-4-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2116-1-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2116-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2116-3-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2116-5-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2116-0-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2116-12-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2672-6-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2672-7-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2672-9-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2672-10-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2676-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2676-11-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download