arkei | d98129981f18ffdf2db5edd0fc09442cc35ac1458971ca0ed14fe58dcd0dd3e0

Analysis

max time kernel
148s
max time network
86s
platform
windows7_x64
resource
win7-20220715-en
resource tags

arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
submitted
31/07/2022, 13:47

Target

03e81c8df40db6549e905d8832fa1b80.exe
Size

359KB
MD5

03e81c8df40db6549e905d8832fa1b80
SHA1

8653cebf8079fa38d845d12e424bcde4afd625b4
SHA256

d98129981f18ffdf2db5edd0fc09442cc35ac1458971ca0ed14fe58dcd0dd3e0
SHA512

b2999496aa5eb2ca90603a458d96523fc5795365c86e71d5a03cf79b2764ec572d4f1da15207836a78ec0df1b703b0efad46643945ffd5225c607abe5327c9e0

Score

10^/10

Family

arkei

Botnet

Default

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1220 set thread context of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26

Program crash 1 IoCs

pid	pid_target	Process	procid_target
828	1064	WerFault.exe	26

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1220 wrote to memory of 1064	1220	03e81c8df40db6549e905d8832fa1b80.exe	26
PID 1064 wrote to memory of 828	1064	03e81c8df40db6549e905d8832fa1b80.exe	29
PID 1064 wrote to memory of 828	1064	03e81c8df40db6549e905d8832fa1b80.exe	29
PID 1064 wrote to memory of 828	1064	03e81c8df40db6549e905d8832fa1b80.exe	29
PID 1064 wrote to memory of 828	1064	03e81c8df40db6549e905d8832fa1b80.exe	29

memory/1064-54-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1064-57-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1064-60-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1064-61-0x00000000753E1000-0x00000000753E3000-memory.dmp

Filesize
8KB

Download
memory/1064-63-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1220-58-0x000000000051E000-0x000000000053F000-memory.dmp

Filesize
132KB

Download
memory/1220-59-0x00000000002C0000-0x00000000002EA000-memory.dmp

Filesize
168KB

Download