34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 05:19

Target

34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe
Size

484KB
MD5

0290a76d4e9376fb1eaf78aa3d722f41
SHA1

b49aadd12dbfce4d9ef622c6fc814853af0c1dac
SHA256

34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce
SHA512

11a236a5fa8a86bef22726aea6806b4f1af14b6e751d1d0ab671ba0d28d18e273a46ae68e8f0501a4315dc2dbda80da473f86492fe83b470df426b0ed8103620
SSDEEP

6144:Ubya7bc6nBFJJdhPRAySMTtdK7ux8KSvYRGvVCp:havcUFJJPeySMhdK7ux8KSv1Q

Score

7^/10

Deletes itself 1 IoCs

pid	Process
1756	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1844 set thread context of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27

Suspicious use of WriteProcessMemory 13 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1632	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	27
PID 1844 wrote to memory of 1756	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	28
PID 1844 wrote to memory of 1756	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	28
PID 1844 wrote to memory of 1756	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	28
PID 1844 wrote to memory of 1756	1844	34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe	28

C:\Users\Admin\AppData\Local\Temp\34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe
"C:\Users\Admin\AppData\Local\Temp\34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Users\Admin\AppData\Local\Temp\34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe
  "C:\Users\Admin\AppData\Local\Temp\34d34d025d6dfd3e5881fcb420b8094d2ccd1286ae9d38f7267689935808a9ce.exe"
  2⤵
  PID:1632
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\jnduf.bat
  2⤵
  - Deletes itself
  PID:1756

C:\Users\Admin\AppData\Local\Temp\jnduf.bat

Filesize
516B

MD5
942e8ed241bfc3cbc782bcc33fc660e7

SHA1
3fce4772a1d5ba9bc1cebc7a2978628861e951ef

SHA256
94518e136c14fde8255f00450037616eec4a24331a4cb7b0b3e40107f093169e

SHA512
eb0a71d318988b40d89ffdb5ad9e926129ef584ad992766ec4cad2198f2074c1cc665a57a13d6badacf5e324ba1fe67d00fc9822a28572a98cb99f7952ace8a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\jnduf~.tmp

Filesize
484KB

MD5
473efc27c7a55bdd02f9982bdf7a7e2c

SHA1
41b77aa0ab12e85fcaf1ee7b15e0affc246fd55e

SHA256
8ada375226c0f1d5a09e3aba5a9ce85ed4f192ab6b3844229ccea0e734ae88f5

SHA512
924c5262eefe622a5ed1ccd90b292503e58cb33af7446417794914d2423d32c1e8b8729acb5049e65a52b9a5a3b0df8339015355642d61484ae417f0ded3e92a

Download Submit
memory/1632-55-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-56-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-58-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-60-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-62-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-67-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1632-68-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1844-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download