ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 09:16

Target

ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe
Size

234KB
MD5

7665bf2177fb7bcdc3580fa218989f40
SHA1

2f6aebecefb6947435dbf24760da1c84d18d9b7d
SHA256

ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865
SHA512

efd425317f6528c23ac8e3df8f51b0877d2a6053543c2621bdb2283f58c4a74f15bb8d6e38cdcb41e5d82d40d45ddb80f070771a96fc25269a2a306d4e5d2ce6
SSDEEP

6144:ojFEiZxi1oiH+Z2xVGs13sUsETyPYPXu6V91b/hrjC:ojFEAgPeZ2xAPawYPeQHC

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1104 set thread context of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27
PID 1104 wrote to memory of 1744	1104	ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe	27

C:\Users\Admin\AppData\Local\Temp\ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe
"C:\Users\Admin\AppData\Local\Temp\ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1104
- \??\c:\users\admin\appdata\local\temp\ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe
  "c:\users\admin\appdata\local\temp\ba48866859697c7532d4578fa2c547a0cf5ae42878e9567e6c87d027fb4da865.exe"
  2⤵
  PID:1744

memory/1744-54-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1744-55-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1744-57-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1744-58-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1744-60-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1744-63-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1744-64-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download