a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 16:44

Target

a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe
Size

201KB
MD5

76edb083efb62e80aa269f0cb056b780
SHA1

11c129bf8070a797fa908bfa96804df949c0e895
SHA256

a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da
SHA512

93b71e45396d88d8bbec2a822d096b6f2c48cfa251e6de35134315fc4c9ea95087948116cba50ac13a8854d4cfedec3a555fd1a2cca85e8bc515753dd9854c6f
SSDEEP

3072:Ou0QeZFCohASls4qQXvvSGug4npAaFIni0N4X5J+Q54bzRUvqr5/:O3QeK2s4qQXvvSD9nLEN4X5J+Q4bOgl

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 280 set thread context of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27
PID 280 wrote to memory of 1060	280	a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe	27

C:\Users\Admin\AppData\Local\Temp\a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe
"C:\Users\Admin\AppData\Local\Temp\a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:280
- C:\Users\Admin\AppData\Local\Temp\a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe
  "C:\Users\Admin\AppData\Local\Temp\a1b8a081be4442b9993b67800d8bebd1ffd21efab219aa5714bb039004fab4da.exe"
  2⤵
  PID:1060

memory/1060-54-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1060-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1060-57-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1060-58-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1060-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1060-63-0x0000000076831000-0x0000000076833000-memory.dmp

Filesize
8KB

Download
memory/1060-64-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download