adad8b635d0e68f9bbef153e5abb427d85de2e3a4f786668912074b8419ee239

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2024, 10:30

Target

tmp.exe
Size

3.9MB
MD5

0cb4cc8a9f145e69c6765bc81faacc7e
SHA1

ce6f40a67bd31738f47ed4d8f017e7c13aa90ceb
SHA256

adad8b635d0e68f9bbef153e5abb427d85de2e3a4f786668912074b8419ee239
SHA512

04c86d223e6ed60af03102a704dacf8b5107edfb99a22db567990d2325b75a8208c1cc3e64f98d7a86ab3c4d44129a7d0e6bf9a79e5922edaef1ad23e5e17ee3
SSDEEP

49152:fjIJ/Kg6NGN+V+efZCM8jr/dWQciyvFTaFAtfP322EcERaScBg:0FtKk3eSJ8T4cHgYw

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4088 set thread context of 1412	4088	tmp.exe	84

Suspicious behavior: EnumeratesProcesses 26 IoCs

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 1412	4088	tmp.exe	84
PID 4088 wrote to memory of 1412	4088	tmp.exe	84
PID 4088 wrote to memory of 1412	4088	tmp.exe	84
PID 4088 wrote to memory of 1412	4088	tmp.exe	84
PID 4088 wrote to memory of 1412	4088	tmp.exe	84

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412

memory/1412-13-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-14-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-7-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-6-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-8-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-9-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-24-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-10-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-4-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-11-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-15-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-17-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-16-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-21-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/1412-23-0x0000000001390000-0x000000000147E000-memory.dmp

Filesize
952KB

Download
memory/4088-5-0x00007FF7DC1A0000-0x00007FF7DC5E8000-memory.dmp

Filesize
4.3MB

Download