3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 23:11

Target

3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe
Size

205KB
MD5

81ef85e5dcefe6544c6d3d1f52e13690
SHA1

952f314eaf0d76bdc87b407a2ec94a405cdef1d9
SHA256

3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5
SHA512

4fdb2c326083c8daa0dca90f67067e2662c334103dd91728a432e7bd36bb66f3a18505cddde4e4ea4863431b932390e1411c1f79219b41fff51cf025d217c8ee
SSDEEP

6144:S3P+0BdKWNmpYjAAuWua0FXXL+W6Y9W4bg:6PlWWnIa0FX7PF9Jg

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 896 set thread context of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28
PID 896 wrote to memory of 1952	896	3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe	28

C:\Users\Admin\AppData\Local\Temp\3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe
"C:\Users\Admin\AppData\Local\Temp\3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:896
- C:\Users\Admin\AppData\Local\Temp\3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe
  "C:\Users\Admin\AppData\Local\Temp\3525aa76738dd6cb46dbc4e5bb6e7202846dd94501fa9953d7043b8ab38ca3a5.exe"
  2⤵
  PID:1952

memory/1952-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1952-55-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1952-57-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1952-58-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1952-60-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1952-61-0x00000000004154B2-mapping.dmp

Download
memory/1952-63-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/1952-64-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download