1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7

Analysis

max time kernel
245s
max time network
260s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 03:47

Target

1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe
Size

345KB
MD5

d879458fe084027d5a1719359df129ff
SHA1

0ba7e5c25d571b8952d46dc715c47c2776732a06
SHA256

1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7
SHA512

4157cd51b8f17c22c900b34c49e56cbb17d7aa88e4321f3f5444d4b475950e6437bbcb4fcbb6156cb504666fc03182f2d9970eb0fcc809996914c11fbb7ca834
SSDEEP

6144:xK5lpVV+1MszHze0x/qJMyy4ohtyYge92QUp4ecu/vL:ev1YzeMyy4op12QUP3

Score

8^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1664 set thread context of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28
PID 1664 wrote to memory of 1680	1664	1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe	28

C:\Users\Admin\AppData\Local\Temp\1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe
"C:\Users\Admin\AppData\Local\Temp\1b3ac5404d6cc2d7c8a514a578473b695e8c7ad101472ba2a94ec8f2a5aa2be7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
  2⤵
  PID:1680

memory/1680-54-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-55-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-57-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-59-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-60-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-62-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-63-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-64-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-65-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-68-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-69-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1680-70-0x000007FEFBCE1000-0x000007FEFBCE3000-memory.dmp

Filesize
8KB

Download