0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75

Analysis

max time kernel
233s
max time network
253s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-09-2022 03:33

Target

0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe
Size

345KB
MD5

eec7e67afe150415f007130fb618ef24
SHA1

40cd834f95206e7c491a07749613d8c49206d48a
SHA256

0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75
SHA512

1fd070b9b1b80dcf4a892492a6024b6389bc946edd20c10d59642447f48ab8f330f62db468a28f626c5b479fc332980a2888b08d33229078dc3e86ad97541e63
SSDEEP

6144:8GLlCEu5NC9YscJ8+tM1RMOcpohtLLbowLmW70FGg6WYc:notCXcJ4MRpoXowLmWtg9

Score

8^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe

description	pid	process	target process
PID 544 set thread context of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe

description	pid	process	target process
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe
PID 544 wrote to memory of 1984	544	0131154181fecb45f5202d01df6829c8dda517cfd222cd8ca0cf2c493b128c75.exe	RegSvcs.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
2⤵
PID:1984

memory/1984-55-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-57-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-54-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-62-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-60-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-59-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-64-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-63-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-65-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-66-0x0000000140003FEC-mapping.dmp

Download
memory/1984-68-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-69-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1984-70-0x000007FEFBB21000-0x000007FEFBB23000-memory.dmp

Filesize
8KB

Download