ec8c065921cdc147f8f808f03ac0f40b56b84bbf980b5391b2c6b986c4b346f3

Analysis

max time kernel
146s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 10:37

Target

Avvrora X/Avrora X.exe
Size

250.0MB
MD5

ba7a80a4835903d9a1d498321baba2e4
SHA1

cb50da942519873afdbc1e8151646b7c4bfe3347
SHA256

9e24bf46675e17849858ab882df5331a7083e3472fd74a8f832950a2b96e53f5
SHA512

fb4d5fab23e84b0d7344a2346e319a29ad558e0a565768c324280a9f3506c29973421bb2d32f19695d9046d52b5e30e4dc7c0f38439db3fb432421deda65346f
SSDEEP

49152:uDsXe9G2vrxJ6j/l2FUN15iVly80nXwFiFawpOT0ou0EXcH:uwuQ2DxJLCngEFad

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 904 set thread context of 1132	904	Avrora X.exe	88

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1132	904	Avrora X.exe	88
PID 904 wrote to memory of 1132	904	Avrora X.exe	88
PID 904 wrote to memory of 1132	904	Avrora X.exe	88
PID 904 wrote to memory of 1132	904	Avrora X.exe	88
PID 904 wrote to memory of 1132	904	Avrora X.exe	88

C:\Users\Admin\AppData\Local\Temp\Avvrora X\Avrora X.exe
"C:\Users\Admin\AppData\Local\Temp\Avvrora X\Avrora X.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:904
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
  2⤵
  PID:1132

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4812

memory/904-4-0x00007FF7B7900000-0x00007FF7B7CCE000-memory.dmp

Filesize
3.8MB

Download
memory/904-6-0x00007FF7B7900000-0x00007FF7B7CCE000-memory.dmp

Filesize
3.8MB

Download
memory/1132-5-0x0000000000D60000-0x0000000000DD9000-memory.dmp

Filesize
484KB

Download
memory/1132-8-0x0000000000D60000-0x0000000000DD9000-memory.dmp

Filesize
484KB

Download
memory/1132-10-0x0000000000D60000-0x0000000000DD9000-memory.dmp

Filesize
484KB

Download