4b8830a027c8604592997b2a1785341e42d10fc1066ca29771d813600806fe0d

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/03/2024, 01:24

Target

d791271ebe3d51cb02a4a7b922a7e05a.exe
Size

42KB
MD5

d791271ebe3d51cb02a4a7b922a7e05a
SHA1

2fae7675d3ea8646abc550d4f7d8d3476b482b7a
SHA256

4b8830a027c8604592997b2a1785341e42d10fc1066ca29771d813600806fe0d
SHA512

64ab4ffdc96ae8c9b9a66438739abbc4c476b8ba628fabde91ee7cd322dd0347286d39995d2cf2a7ffe41e6f19bad6d9ad000847c26c9abceb5c3b335fc19549
SSDEEP

768:OzIXe/KSYbzMi5dIikLYtRb/I+zIXX+7283Xc1w6y/WjH+6b:WI6KSYbzMidk6Rb/y83Xc/y/W+I

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1uqg0cc.exe	d791271ebe3d51cb02a4a7b922a7e05a.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1uqg0cc.exe	d791271ebe3d51cb02a4a7b922a7e05a.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5328 set thread context of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1096	d791271ebe3d51cb02a4a7b922a7e05a.exe
1096	d791271ebe3d51cb02a4a7b922a7e05a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 5328 wrote to memory of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90
PID 5328 wrote to memory of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90
PID 5328 wrote to memory of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90
PID 5328 wrote to memory of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90
PID 5328 wrote to memory of 1096	5328	d791271ebe3d51cb02a4a7b922a7e05a.exe	90
PID 1096 wrote to memory of 3480	1096	d791271ebe3d51cb02a4a7b922a7e05a.exe	57
PID 1096 wrote to memory of 3480	1096	d791271ebe3d51cb02a4a7b922a7e05a.exe	57
PID 1096 wrote to memory of 3480	1096	d791271ebe3d51cb02a4a7b922a7e05a.exe	57

memory/1096-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1096-5-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/5328-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/5328-2-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download