c649f5763dca8bce38627b0ae95439faf24727f1a3b372c30527c9734770b663

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 03:39

Target

9861dc9212ed8f04fd6060034354303e.exe
Size

76KB
MD5

9861dc9212ed8f04fd6060034354303e
SHA1

871e504ef6736d71218d15f8113c148441acb1c0
SHA256

c649f5763dca8bce38627b0ae95439faf24727f1a3b372c30527c9734770b663
SHA512

a0748d624cacd6bc0ff42f89f7c4bcfea4910c9d6352cbb0de9acd3f11dcbc49167e14456da0bf5b9daa6c69f42560993c527d89a1365cbb31abe4c540d01a46
SSDEEP

1536:PnprKG2LbG1qg1sKinlo8l+z9AXy91gFiBM2z0jLL:FKGwbG7diczky91gFiBM2oP

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2912 set thread context of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84
PID 2912 wrote to memory of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84
PID 2912 wrote to memory of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84
PID 2912 wrote to memory of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84
PID 2912 wrote to memory of 4860	2912	9861dc9212ed8f04fd6060034354303e.exe	84

C:\Users\Admin\AppData\Local\Temp\9861dc9212ed8f04fd6060034354303e.exe
"C:\Users\Admin\AppData\Local\Temp\9861dc9212ed8f04fd6060034354303e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\9861dc9212ed8f04fd6060034354303e.exe
  "C:\Users\Admin\AppData\Local\Temp\9861dc9212ed8f04fd6060034354303e.exe"
  2⤵
  PID:4860

memory/4860-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4860-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4860-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download