f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d

Analysis

max time kernel
152s
max time network
167s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 11:50

Target

f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe
Size

79KB
MD5

64a371633c94e2fed587ee595afe6720
SHA1

60cd19ab33b0f6aaa634cdc1d2c7a81305477c15
SHA256

f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d
SHA512

d73efcaa117582bee0a6273f5463cd9e44dd9f2e28ae623ca51d868ff950e201479d7a856bb608cc9bd85f3d7a71eb28289a17275ed045be32ef43aa0dbb19f0
SSDEEP

1536:LqUMMqN8DPXnkBSp8cuY5SK2/b/IMOg34vfasMErq2onC:GUMlNOeNYxpgIvyDeq2F

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 960 set thread context of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\3rjdw7zcj.job	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27
PID 960 wrote to memory of 948	960	f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe	27

C:\Users\Admin\AppData\Local\Temp\f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe
"C:\Users\Admin\AppData\Local\Temp\f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:960
- C:\Users\Admin\AppData\Local\Temp\f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe
  C:\Users\Admin\AppData\Local\Temp\f216b0738d8bccfa65719b5578b2d3ed3675fe7dc9b19a046b9e492e3b11e33d.exe
  2⤵
  - Drops file in Windows directory
  PID:948

memory/948-54-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/948-56-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/948-59-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/948-60-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/948-61-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/948-62-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download