6f001ffcf01b277bd49340fcf6dfaeaa8248bca8e6d9096caf1630e809d6bd17

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
15/09/2022, 23:42

Target

file.exe
Size

1.7MB
MD5

d2e0cb24fce237ce0feba8dbaed2320c
SHA1

6b9f608f4dc210259f513eda063244d68c6d21e2
SHA256

6f001ffcf01b277bd49340fcf6dfaeaa8248bca8e6d9096caf1630e809d6bd17
SHA512

1725c49f821aa7c8e64532dcf428c6d550d6624dcce3057c8b1b06a1465caf0b134b4b016dd7ecfb8dba7e9004874568ddbb2871e1ab26fdc01bde3b6d09ceb8
SSDEEP

24576:7kpfXYUYPyKP20MKYl5f8oA+NAXSGV6b6KJ2weHS1MLCSAxl7GYzLHEE/UbP0p5:opuwNAXfQEw6spl75T/UT0T

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 896 set thread context of 98348	896	file.exe	29

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29
PID 896 wrote to memory of 98348	896	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:896
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:98348

memory/896-57-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/896-66-0x0000000000400000-0x00000000005AB000-memory.dmp

Filesize
1.7MB

Download
memory/98348-54-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/98348-56-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/98348-65-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/98348-67-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download
memory/98348-68-0x0000000000400000-0x00000000004A2000-memory.dmp

Filesize
648KB

Download