0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e

Analysis

max time kernel
139s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 16:18

Target

quickaccesspopup.exe
Size

5.3MB
MD5

34b7f00d12b3038498138e52e03cff3c
SHA1

3909faa970757f2653d170eb4b12b9888fc0c942
SHA256

0b3f24b3feeac3d9a82d19cae578695acbbf9b7f2635b75c08c9d0c01483df8e
SHA512

24f0cfdfae905757088f26117212492057b9527c7c9793cca71d8761fbf4221dfbac806ecd143b6b31443ffbde43b1e6c11654056ac8d79bf2d74e61381673b0
SSDEEP

49152:aa+WtZnm23Dkwlg4YzuCe4dreJfR1MLyHXMWM4/99ZDGhuWj45EB5yXmZwGT7tww:R3Y23Dk4wdmtXVDV3EHJwat

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4896 set thread context of 1540	4896	quickaccesspopup.exe	93

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 1540	4896	quickaccesspopup.exe	93
PID 4896 wrote to memory of 1540	4896	quickaccesspopup.exe	93
PID 4896 wrote to memory of 1540	4896	quickaccesspopup.exe	93
PID 4896 wrote to memory of 1540	4896	quickaccesspopup.exe	93
PID 4896 wrote to memory of 1540	4896	quickaccesspopup.exe	93

C:\Users\Admin\AppData\Local\Temp\quickaccesspopup.exe
"C:\Users\Admin\AppData\Local\Temp\quickaccesspopup.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
  2⤵
  PID:1540

memory/1540-5-0x0000000000930000-0x0000000000986000-memory.dmp

Filesize
344KB

Download
memory/1540-8-0x0000000000930000-0x0000000000986000-memory.dmp

Filesize
344KB

Download
memory/1540-9-0x0000000000930000-0x0000000000986000-memory.dmp

Filesize
344KB

Download
memory/1540-10-0x0000000000930000-0x0000000000986000-memory.dmp

Filesize
344KB

Download
memory/4896-2-0x00007FF783EA0000-0x00007FF784459000-memory.dmp

Filesize
5.7MB

Download
memory/4896-6-0x00007FF783EA0000-0x00007FF784459000-memory.dmp

Filesize
5.7MB

Download