4de3f163935e138f9654e3f5bcd0d53a984e3e8823ae38a7407d7e2da7f465cf

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 10:23

Target

MalwareBazaar.exe
Size

702KB
MD5

a3936a1c18d186fb0d29730473e0b9ef
SHA1

4862c2de4248296416b31c841d671e00c7a8f349
SHA256

4de3f163935e138f9654e3f5bcd0d53a984e3e8823ae38a7407d7e2da7f465cf
SHA512

7bbec3ae870dd2986a431f9fae14666dcdb0761fa5d3a8a5c906e16839038f4bf186479ae7fbf5e773374511153be2176658e62ea77e60328ba1572c06b713ae
SSDEEP

12288:lxrlAypL2jwYx3XnMDHE8IstFJa7oqXUBBHWqLwOYYPF7QkdV2Jmc:ZAyp3On27tFU7oBBB2qnPcC2J

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3284 set thread context of 1148	3284	MalwareBazaar.exe	93

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93
PID 3284 wrote to memory of 1148	3284	MalwareBazaar.exe	93

C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
"C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3284
- C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe
  "C:\Users\Admin\AppData\Local\Temp\MalwareBazaar.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1148

memory/1148-10-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1148-15-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1148-14-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1148-13-0x0000000001640000-0x000000000198A000-memory.dmp

Filesize
3.3MB

Download
memory/3284-6-0x0000000005080000-0x000000000509A000-memory.dmp

Filesize
104KB

Download
memory/3284-5-0x00000000746F0000-0x0000000074EA0000-memory.dmp

Filesize
7.7MB

Download
memory/3284-0-0x00000000746FE000-0x00000000746FF000-memory.dmp

Filesize
4KB

Download
memory/3284-7-0x00000000051D0000-0x00000000051DE000-memory.dmp

Filesize
56KB

Download
memory/3284-8-0x0000000006170000-0x00000000061FE000-memory.dmp

Filesize
568KB

Download
memory/3284-9-0x0000000008800000-0x000000000889C000-memory.dmp

Filesize
624KB

Download
memory/3284-4-0x0000000004E20000-0x0000000004E2A000-memory.dmp

Filesize
40KB

Download
memory/3284-12-0x00000000746F0000-0x0000000074EA0000-memory.dmp

Filesize
7.7MB

Download
memory/3284-3-0x0000000004D60000-0x0000000004DF2000-memory.dmp

Filesize
584KB

Download
memory/3284-2-0x0000000005430000-0x00000000059D4000-memory.dmp

Filesize
5.6MB

Download
memory/3284-1-0x00000000002D0000-0x0000000000384000-memory.dmp

Filesize
720KB

Download