89efbc360186bfb3998c3c58181fb4276485dbdc9c279450deccc7303b1ba8d8

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 07:40

Target

c5563158ca35c8ec5392af1e92d3c5aa.exe
Size

176KB
MD5

c5563158ca35c8ec5392af1e92d3c5aa
SHA1

5f35f66bd74d453c8f7447a0f349a1d2874f04b9
SHA256

89efbc360186bfb3998c3c58181fb4276485dbdc9c279450deccc7303b1ba8d8
SHA512

0edf18908cbd153d1142c5ba2d90858a8b5637555b005d0036835b75ecee813d2d2c28a8fe7a134acdc7c202382b875994966cb583479ff983bfd18b8a381539
SSDEEP

3072:lnjr5eaiELTAgNpy+SiJWY9Xw5kd5sHU0A0t5T4lfTuek2Sdj5TFwpFUYFeaJMW:Bjl9DNNo9icqX9dGHU7iF4VSexSdlTFc

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3724 set thread context of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96
PID 3724 wrote to memory of 4612	3724	c5563158ca35c8ec5392af1e92d3c5aa.exe	96

C:\Users\Admin\AppData\Local\Temp\c5563158ca35c8ec5392af1e92d3c5aa.exe
"C:\Users\Admin\AppData\Local\Temp\c5563158ca35c8ec5392af1e92d3c5aa.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3724
- C:\Users\Admin\AppData\Local\Temp\c5563158ca35c8ec5392af1e92d3c5aa.exe
  C:\Users\Admin\AppData\Local\Temp\c5563158ca35c8ec5392af1e92d3c5aa.exe
  2⤵
  PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:4644

memory/3724-0-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/3724-1-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/3724-2-0x0000000002450000-0x0000000002474000-memory.dmp

Filesize
144KB

Download
memory/3724-3-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/4612-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4612-7-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4612-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4612-11-0x0000000000430000-0x00000000004F9000-memory.dmp

Filesize
804KB

Download
memory/4612-12-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download