b1e3d0fbc99637ea6dd51c1041fdd5f315de0582382c00b8fbf160cd748bbc17

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
10-09-2022 18:29

Target

2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe
Size

365KB
MD5

6e9fdb1ac3859e908475bc69b239435a
SHA1

251dcbd7385c20b02a7a9dfce1270b834c5d4659
SHA256

2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d
SHA512

2c5b2ee91a4347f477c7ff802b1b562f548a8bc45c08fde06ec359c221f07f921291e46bf639377ef5cf20f7581e1d40b0e008c26ea89812f05ea73565093bc5
SSDEEP

6144:ecTKOC7+0H3uMAKbUQ8qfH4umdyJRVP+C5XYo9zZ1FKGUOUTE6qJWoDU0v+Dudrr:eWqH3D3bUQ8qfH4byJRV2CNYYBKGUOWC

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System_Manager.exe	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System_Manager.exe	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1552 set thread context of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27
PID 1552 wrote to memory of 1548	1552	2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe	27

C:\Users\Admin\AppData\Local\Temp\2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe
"C:\Users\Admin\AppData\Local\Temp\2e801601f6fbfc97bb5a991bd4a4b92ea591eabe70d7d86a6eac26549fcfab5d.exe"
1⤵
- Drops startup file
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  2⤵
  PID:1548

memory/1548-55-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-54-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-61-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-59-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-57-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-65-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-66-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-64-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-63-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-69-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download
memory/1548-70-0x0000000140000000-0x0000000140048000-memory.dmp

Filesize
288KB

Download