4f396d1e69695362e3716acf27b0501304aaaae348ed77f06a7c3230eb354e0e

Analysis

max time kernel
94s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 15:01

Target

Oflain.exe
Size

519KB
MD5

1a87f751d822ff2466f50959fd0c817a
SHA1

b71a96e39b863217288f7f95be3129f80f6038d4
SHA256

4f396d1e69695362e3716acf27b0501304aaaae348ed77f06a7c3230eb354e0e
SHA512

aeb5acc2d67bfb6fd5006e789983ab8b5c44f9f17caa29756844aaf923a4e7db01c687a2d4661efd065505063137069743dcc2534dd4ec7fa80b88424b3272e4
SSDEEP

6144:BCent7w+F+HhgsL0cS7x44KhwoGrC+skf/ypGPK5DBde:BCS9w+F+HyfzKhwoG2EXNP03e

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4452 set thread context of 4664	4452	Oflain.exe	87

Suspicious behavior: EnumeratesProcesses 15 IoCs

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87
PID 4452 wrote to memory of 4664	4452	Oflain.exe	87

C:\Users\Admin\AppData\Local\Temp\Oflain.exe
"C:\Users\Admin\AppData\Local\Temp\Oflain.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664

memory/4452-0-0x00007FFDB4593000-0x00007FFDB4595000-memory.dmp

Filesize
8KB

Download
memory/4452-1-0x00000000007B0000-0x0000000000836000-memory.dmp

Filesize
536KB

Download
memory/4452-2-0x00007FFDB4590000-0x00007FFDB5051000-memory.dmp

Filesize
10.8MB

Download
memory/4452-12-0x000000001C040000-0x000000001C04A000-memory.dmp

Filesize
40KB

Download
memory/4452-15-0x00007FFDB4590000-0x00007FFDB5051000-memory.dmp

Filesize
10.8MB

Download
memory/4664-14-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4664-16-0x00000000011B0000-0x00000000014FA000-memory.dmp

Filesize
3.3MB

Download
memory/4664-17-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4664-18-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download