abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b

Analysis

max time kernel
33s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 07:00

Target

abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe
Size

171KB
MD5

61e459ee8ec887de2a6d5449ca711419
SHA1

8f6017067481b39b7647d8c4bcf306b7fbdc4651
SHA256

abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b
SHA512

2405013c012bcb1da50d290973a3a90666dd3b89fc266d6df740f9f783f2b0b7a25f7c85bd32710cac58dd48958569004226e6c7d07013f2fa4261be41ecbb6e
SSDEEP

3072:86H3zdPAk3/cfMt+dIqAA8h+a328qbtgeel3yw9nL0uiAJ7Q+wu4Cf73ya:HXBPj3/cfMQ6ZAcozepL0mpQ+fGa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1928 set thread context of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe
1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1928 wrote to memory of 1944	1928	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	28
PID 1944 wrote to memory of 1284	1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	14
PID 1944 wrote to memory of 1284	1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	14
PID 1944 wrote to memory of 1284	1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	14
PID 1944 wrote to memory of 1284	1944	abfaed1214bd3be7c22ffb7ed5925fa394bf8a8bbcea1ea330bcf6c129101a5b.exe	14

memory/1284-66-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1928-63-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1944-54-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1944-55-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1944-57-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1944-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1944-64-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1944-65-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download
memory/1944-69-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download