c61409a910ee60ac110a326e4fee3a8609f50d4e072e760ea66c15a1584de855

Analysis

max time kernel
94s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 19:42

Target

a72f659fd970d503ac88a81066e58c25.exe
Size

281KB
MD5

a72f659fd970d503ac88a81066e58c25
SHA1

42b015e9fc6f444afe513245a348568366b02c46
SHA256

c61409a910ee60ac110a326e4fee3a8609f50d4e072e760ea66c15a1584de855
SHA512

a2500f1d439753e9e53d2bca24ab608915eb75126e31247ae4858e7b62878335cacef8ea4c8c21c38213fdffb5c7b61987391393e90e9e96c0cb55a613fc2d75
SSDEEP

6144:Ib9kSqoncIHgp44tKAkG0nyaSDVR2r7flZNgpmPuIft6nv79/Ji:AhqoLb4tKAcRSDVRKjlZNgAue

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

a72f659fd970d503ac88a81066e58c25.exe

description pid process target process

PID 3236 set thread context of 1832 3236 a72f659fd970d503ac88a81066e58c25.exe a72f659fd970d503ac88a81066e58c25.exe

description	pid	process	target process
PID 3236 set thread context of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

a72f659fd970d503ac88a81066e58c25.exe

description	pid	process	target process
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe
PID 3236 wrote to memory of 1832	3236	a72f659fd970d503ac88a81066e58c25.exe	a72f659fd970d503ac88a81066e58c25.exe

C:\Users\Admin\AppData\Local\Temp\a72f659fd970d503ac88a81066e58c25.exe
"C:\Users\Admin\AppData\Local\Temp\a72f659fd970d503ac88a81066e58c25.exe"
2⤵
PID:1832

memory/1832-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1832-4-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1832-5-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1832-6-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/3236-0-0x00000000005D0000-0x00000000005D8000-memory.dmp

Filesize
32KB

Download
memory/3236-1-0x00000000005D0000-0x00000000005D8000-memory.dmp

Filesize
32KB

Download