55bd622a18d6d97d9ad2613d6b15991c5ae1444068f2ea1350005699b4cf7073

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:53

Target

c36aaca55d323b220c51e97403109783.exe
Size

239KB
MD5

c36aaca55d323b220c51e97403109783
SHA1

963ec5739708c8a4663c42b5dec3d7029b086780
SHA256

55bd622a18d6d97d9ad2613d6b15991c5ae1444068f2ea1350005699b4cf7073
SHA512

f2d9654a930faa8425d8b8e7309e6172b704ea9d64b09106eeae602a2fa2fae15f8e0927a5255cf81c3bd9c7a54e1ab1672d7ae01261a43316395509b57550d0
SSDEEP

3072:Ishel/y+zsKfHtI5r6IgIAmG/OCtCgUPa9Ef0zS8By+crMyww+K5iF4oq:Isk/yuV/m5mIpG9tCgQa9KqSBoOZ5oq

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3536	X

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 940 set thread context of 4272	940	c36aaca55d323b220c51e97403109783.exe	98

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3536	X
3536	X

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3372	Explorer.EXE

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 4272	940	c36aaca55d323b220c51e97403109783.exe	98
PID 940 wrote to memory of 4272	940	c36aaca55d323b220c51e97403109783.exe	98
PID 940 wrote to memory of 4272	940	c36aaca55d323b220c51e97403109783.exe	98
PID 940 wrote to memory of 3536	940	c36aaca55d323b220c51e97403109783.exe	99
PID 940 wrote to memory of 3536	940	c36aaca55d323b220c51e97403109783.exe	99
PID 3536 wrote to memory of 3372	3536	X	57

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of UnmapMainImage
PID:3372
- C:\Users\Admin\AppData\Local\Temp\c36aaca55d323b220c51e97403109783.exe
  "C:\Users\Admin\AppData\Local\Temp\c36aaca55d323b220c51e97403109783.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:940
- - C:\Windows\explorer.exe
    00000220*
    3⤵
    PID:4272
- - C:\Users\Admin\AppData\Local\9fc7b2d2\X
    193.105.154.210:80
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:420

C:\Users\Admin\AppData\Local\9fc7b2d2\X

Filesize
41KB

MD5
686b479b0ee164cf1744a8be359ebb7d

SHA1
8615e8f967276a85110b198d575982a958581a07

SHA256
fcfbb4c648649f4825b66504b261f912227ba32cbaabcadf4689020a83fb201b

SHA512
7ed8022e2b09f232150b77fc3a25269365b624f19f0b50c46a4fdf744eeb23294c09c051452c4c9dbb34a274f1a0bfc54b3ff1987ec16ae2e54848e22a97ed64

Download Submit
memory/940-1-0x0000000000400000-0x0000000000449184-memory.dmp

Filesize
292KB

Download
memory/940-2-0x0000000000750000-0x0000000000850000-memory.dmp

Filesize
1024KB

Download
memory/940-10-0x0000000000400000-0x0000000000449184-memory.dmp

Filesize
292KB

Download
memory/3372-9-0x0000000001280000-0x0000000001288000-memory.dmp

Filesize
32KB

Download
memory/4272-3-0x0000000000EB0000-0x0000000000EC2000-memory.dmp

Filesize
72KB

Download