a9844699fea45fcb973b994551d29298f7826efdfc40cc230b71964462ef989c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 02:23

Target

SXGd5qsYxlVNvNi5.exe
Size

1.3MB
MD5

f19cd680ff3a86ed893a4843d90a9c72
SHA1

d9165db28b535f4e8b839ec36f7387144ab58b4a
SHA256

a9844699fea45fcb973b994551d29298f7826efdfc40cc230b71964462ef989c
SHA512

61f6c7ce8e4dfbea6473952e61c0f35f6a1723ac943ca732080e72733d2756b1290a7f0cac850fb35a5c19a569900cc1561cc249042e228e92e7ea9d25f49bed
SSDEEP

24576:QnD0S6256pc/tN5rUwtY0LUwsX9KZRG0vMss9JSFiPt0QEwcMs3ZWV5W/S1E+ri1:7g5Wc/t3/tYpR9K3vMdGiPt0HRpWV5Pk

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4780	SXGd5qsYxlVNvNi5.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4780	SXGd5qsYxlVNvNi5.exe
4780	SXGd5qsYxlVNvNi5.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 2272	4780	SXGd5qsYxlVNvNi5.exe	84
PID 4780 wrote to memory of 2272	4780	SXGd5qsYxlVNvNi5.exe	84
PID 2272 wrote to memory of 1608	2272	cmd.exe	85
PID 2272 wrote to memory of 1608	2272	cmd.exe	85
PID 2272 wrote to memory of 3868	2272	cmd.exe	86
PID 2272 wrote to memory of 3868	2272	cmd.exe	86
PID 2272 wrote to memory of 2900	2272	cmd.exe	87
PID 2272 wrote to memory of 2900	2272	cmd.exe	87

memory/4780-0-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-2-0x00007FF68E9BE000-0x00007FF68EB15000-memory.dmp

Filesize
1.3MB

Download
memory/4780-1-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-3-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-7-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-8-0x0000015B3CE70000-0x0000015B3CEF1000-memory.dmp

Filesize
516KB

Download
memory/4780-6-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-12-0x0000015B3CE20000-0x0000015B3CE24000-memory.dmp

Filesize
16KB

Download
memory/4780-4-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-5-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-15-0x00007FF68E3C0000-0x00007FF68EB15000-memory.dmp

Filesize
7.3MB

Download
memory/4780-16-0x00007FF68E9BE000-0x00007FF68EB15000-memory.dmp

Filesize
1.3MB

Download