a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f

Analysis

max time kernel
241s
max time network
259s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18-10-2022 22:31

Target

a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe
Size

345KB
MD5

caf164a291c1106cc0edf0787086f545
SHA1

78225d38139be94e8c151bdeaa02b07e149cca53
SHA256

a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f
SHA512

d9735421019c26646c0106d5154de5bc28aa4c170f218bac39394bf8b90d771987413d95a26c5814b7d200a1dadf8d64fe59dac5134bac468cf7939173077c90
SSDEEP

6144:P6S1ZVlum8KDJUOER/YMF8yC4ohoTtyvbO7IOJFhkgG28g+8:bPmcUOI6yC4orbOMOvG283

Score

8^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe

description	pid	process	target process
PID 1448 set thread context of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe

description	pid	process	target process
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe
PID 1448 wrote to memory of 1480	1448	a38090a5db2eaf318a4b5e7b60cb487d7fb37bdb0aa31097688780dab557b13f.exe	RegSvcs.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
2⤵
PID:1480

memory/1480-54-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-55-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-57-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-59-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-60-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-62-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-63-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-64-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-65-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-66-0x0000000140003FAC-mapping.dmp

Download
memory/1480-68-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-69-0x0000000140000000-0x0000000140023000-memory.dmp

Filesize
140KB

Download
memory/1480-70-0x000007FEFB9E1000-0x000007FEFB9E3000-memory.dmp

Filesize
8KB

Download