14b464786e4d4a374edbc1145068b183ca91dd49ced7f87852d56bdf85fdd8d6

Analysis

max time kernel
1483s
max time network
1497s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
05-05-2024 15:12

Target

cheeto.exe
Size

2.5MB
MD5

4752ae9ded1b067272b532fb5fa71532
SHA1

21d5d56e2c19ba80e1490ef848e3eea7cb19ce27
SHA256

14b464786e4d4a374edbc1145068b183ca91dd49ced7f87852d56bdf85fdd8d6
SHA512

2a16fab76366621f8455c6aa991d4d204c20d1b667ee6d39a4e674a1b4b6abd865e36e090ac5508f73a3185a078ff14e30c81461745f7b97decf7f3aa5751708
SSDEEP

49152:vGAnxphqIyIc5uvBMbznLoktmx9OTcMw9xvunT6:3xnqbIc6MPnLfmKWv

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2052	cheeto.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2052 set thread context of 4476	2052	cheeto.exe	82

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82
PID 2052 wrote to memory of 4476	2052	cheeto.exe	82

C:\Users\Admin\AppData\Local\Temp\cheeto.exe
"C:\Users\Admin\AppData\Local\Temp\cheeto.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:4476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1640

C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
414KB

MD5
b8ebe7dc8443e833cf322550e92ab5f7

SHA1
a444f24639e0bdfa5941ee77bbf1a74ffc1b4c5d

SHA256
2c52fbcbfeda65a4c8b17f499ba782b5e282c8f8e94eb7260fc34fa246d1813c

SHA512
8c75abb16e0031b143232e54d9e695ad263be0a45269e693125e0cf18bad4b984140dc5fee869b4718c13f5cb51402329be2785a8a8d655bf6ae239228a526bb

Download Submit
memory/2052-0-0x0000000074B8E000-0x0000000074B8F000-memory.dmp

Filesize
4KB

Download
memory/2052-1-0x0000000000D60000-0x0000000001118000-memory.dmp

Filesize
3.7MB

Download
memory/2052-2-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/4476-8-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4476-12-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4476-11-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download
memory/4476-13-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download