8563eaba89534b4291bc533dddd97390197787b5e57ae7b70d37c343ddc17607

Analysis

max time kernel
85s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 23:35

Target

8da71825ab2dd39e1baeab1e7a5adf71.exe
Size

19KB
MD5

8da71825ab2dd39e1baeab1e7a5adf71
SHA1

088300e50eaff1b3ce45cfc6c1876676251e484a
SHA256

8563eaba89534b4291bc533dddd97390197787b5e57ae7b70d37c343ddc17607
SHA512

ca1e2b1d59f8a064eece834cc5126b680919b0aa6957fde72c89a34bfce5b65f4c9851809e4d8b0c835120159ebb8fcbc5c22e0e222bed6408165a83c085bd25
SSDEEP

192:du35hFOJq9Hm4A2cmGZws3zsUBSPlfsyGIWba0BkbBUFcigu:A35Tz9xA21UtIISPPGIWba0B8UFcXu

Score

7^/10

Deletes itself 1 IoCs

pid	Process
900	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1692 set thread context of 900	1692	8da71825ab2dd39e1baeab1e7a5adf71.exe	85

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 900	1692	8da71825ab2dd39e1baeab1e7a5adf71.exe	85
PID 1692 wrote to memory of 900	1692	8da71825ab2dd39e1baeab1e7a5adf71.exe	85
PID 1692 wrote to memory of 900	1692	8da71825ab2dd39e1baeab1e7a5adf71.exe	85
PID 1692 wrote to memory of 900	1692	8da71825ab2dd39e1baeab1e7a5adf71.exe	85

C:\Users\Admin\AppData\Local\Temp\8da71825ab2dd39e1baeab1e7a5adf71.exe
"C:\Users\Admin\AppData\Local\Temp\8da71825ab2dd39e1baeab1e7a5adf71.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Deletes itself
  PID:900

memory/900-2-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1692-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1692-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download