e85fcacc4b8aa8515e2aa375263cd5d4de6966e5c516442b478742a1e1d6aeb3

Analysis

max time kernel
144s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 21:44

Target

70a287ef1f52b3c325a7f05e1a9f725b.exe
Size

476KB
MD5

70a287ef1f52b3c325a7f05e1a9f725b
SHA1

f87c2fe8d2f24a79d04729235b497fe033ef4f0d
SHA256

e85fcacc4b8aa8515e2aa375263cd5d4de6966e5c516442b478742a1e1d6aeb3
SHA512

99ba092a2798aa29d5fb278c8e9c22484d65e8da6e4963790580d80de6761ff702f3435083016773b882c3d96cdb822d5ea82974f242db90bfde2c45bb551494
SSDEEP

6144:EJZv5zFiIOdz2oRNrR4khl546+AOTt2Xys8CVIza7iZAXXXXXt7:WLFC2oRNrrhDuuy0

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3688 set thread context of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89
PID 3688 wrote to memory of 4956	3688	70a287ef1f52b3c325a7f05e1a9f725b.exe	89

C:\Users\Admin\AppData\Local\Temp\70a287ef1f52b3c325a7f05e1a9f725b.exe
"C:\Users\Admin\AppData\Local\Temp\70a287ef1f52b3c325a7f05e1a9f725b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Users\Admin\AppData\Local\Temp\70a287ef1f52b3c325a7f05e1a9f725b.exe
  "C:\Users\Admin\AppData\Local\Temp\70a287ef1f52b3c325a7f05e1a9f725b.exe"
  2⤵
  PID:4956

memory/4956-0-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4956-2-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/4956-3-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download