b0e6a88e88c1285509436037b3a3f41f4736460bdd64db7086e032fa2cee4832

Analysis

max time kernel
250s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 15:56

Target

igccu.exe
Size

1.1MB
MD5

c3ebea7cd7e96887d0fffff22bf00101
SHA1

1e2a2b28d96799f978d86cfb14744e92aeb18220
SHA256

b0e6a88e88c1285509436037b3a3f41f4736460bdd64db7086e032fa2cee4832
SHA512

310c12aff1dd0b13f1a9a3897969bf9b90cdb950660efc27a97093f979dc9c06563a9d596b4511225cfe924311fdbf5233b48dd2bcddfbcb44642ee9eb22ebc8
SSDEEP

24576:iAHnh+eWsN3skA4RV1Hom2KXMmHa64SEp5qxKux7C1LMfGJ5:lh+ZkldoPK8Ya6FS5XuUhMfk

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2372 set thread context of 4428	2372	igccu.exe	82

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2372	igccu.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2372	igccu.exe
2372	igccu.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2372	igccu.exe
2372	igccu.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 4428	2372	igccu.exe	82
PID 2372 wrote to memory of 4428	2372	igccu.exe	82
PID 2372 wrote to memory of 4428	2372	igccu.exe	82
PID 2372 wrote to memory of 4428	2372	igccu.exe	82

C:\Users\Admin\AppData\Local\Temp\igccu.exe
"C:\Users\Admin\AppData\Local\Temp\igccu.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\igccu.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428

C:\Users\Admin\AppData\Local\Temp\aut609E.tmp

Filesize
264KB

MD5
23d91bc6f8608c8d788890539b6127f3

SHA1
233692af0c89d215fb032d35c33190d19a581985

SHA256
5cde9e3dbfa9f051254881198aac9e3d103fde3e63780ed53f6a53a12c0e3e8b

SHA512
421d7eecce0d5b93067534ebe7c8108ffcbe5bc4bf8342d635879a4407479f10b52b4a09631ec6b970a1e5cf64f1b63c2c827ad19666c46c6ad7aac352a48c5c

Download Submit
memory/2372-12-0x0000000004030000-0x0000000004034000-memory.dmp

Filesize
16KB

Download
memory/4428-13-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4428-14-0x0000000001A00000-0x0000000001D4A000-memory.dmp

Filesize
3.3MB

Download
memory/4428-15-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4428-16-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download