ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 01:53

Target

ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
Size

1.1MB
MD5

61104e412f7a99b92790e419e8284ade
SHA1

8ac508795bbcf83aa3ff22e946dab8d51c797953
SHA256

ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25
SHA512

cfd97389d98700ea15a979282fceb197dfc6484eeeb5df5515665a9c984d122c1a05a2ecbd9a61323f8c7e80f14236b324a42a6537913ec77af3c057a2427d55
SSDEEP

24576:qAHnh+eWsN3skA4RV1Hom2KXMmHaNbn66Ng7AGOBy5:9h+ZkldoPK8YaNbnd0

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5112 set thread context of 444	5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	81

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 444	5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	81
PID 5112 wrote to memory of 444	5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	81
PID 5112 wrote to memory of 444	5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	81
PID 5112 wrote to memory of 444	5112	ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe	81

C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe
"C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\ae7dfcf2a288cc937230832e0cab1e589218cfed54b8585b4a1795c1d0988e25.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444

C:\Users\Admin\AppData\Local\Temp\aut4BBE.tmp

Filesize
268KB

MD5
9d12ccc396ee7101c8b3f0993c9288d4

SHA1
edf09a5f61df60cfd6b80382fe2d19e0afefdf7b

SHA256
cb42b3f306f3ab2aa19d594765a476dcacce4e7db56d09d183bb0822d643a712

SHA512
badf1ac3443fadf5cf5baa6b228d4a9add53aeea94f45cc1b3acd54fd8953d33480aaa7325e4a5f32a9850716c2fcf3aeb31114aa502719846d61aeaf370db35

Download Submit
memory/444-14-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/444-13-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/444-15-0x0000000001A00000-0x0000000001D4A000-memory.dmp

Filesize
3.3MB

Download
memory/444-16-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/444-17-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/5112-12-0x0000000000D00000-0x0000000000D04000-memory.dmp

Filesize
16KB

Download