c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/10/2022, 22:16

Target

c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe
Size

60KB
MD5

5e543319eacd09163856e073672d060f
SHA1

6e12d4bf8db78060ad42e2aef2213efe958e0945
SHA256

c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3
SHA512

230a0980ee7ca41b8d3efc9199c4f7e6604921bafe540ca9479a1518621d63aea0b55486c1355cc7c829f2222554a5bb8ea97561b6eac32c34889eb59b9f942a
SSDEEP

768:LDhjgdzKPkd54IB0Bz6gti2GHchdPYClGro8Cd4jWFcDSYW4hoUDkYXCtOtdqicu:vhjyGBz6OGTCYr+Fc2Y7hoU8twdqiO

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ot2tj5y75t.exe	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ot2tj5y75t.exe	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1948 set thread context of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1912	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1948 wrote to memory of 1912	1948	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	28
PID 1912 wrote to memory of 1284	1912	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	16
PID 1912 wrote to memory of 1284	1912	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	16
PID 1912 wrote to memory of 1284	1912	c46815c7f40344b5a256c00dc9cd3824827b6f297ab407c817fbdd1fcd42a9f3.exe	16

memory/1284-62-0x0000000002990000-0x0000000002993000-memory.dmp

Filesize
12KB

Download
memory/1912-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1912-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1912-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1948-55-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1948-54-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1948-56-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/1948-60-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download