075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 01:28

Target

075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe
Size

79KB
MD5

5f96c663c00d475d1eddd8ab6f2a4e74
SHA1

a5265e89c4d92ded3e2b306b1aad65e6d511390a
SHA256

075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89
SHA512

0bf45b5c491bf4b2d4083345fc24ef3f25b8f82e7c237115b4083153f035e60154cda402c1da8a8460c73acdcccfa76fa6f919242fde47d4f398d293aa9ea8e5
SSDEEP

1536:Y85te2bdXJ0qO/cRApm1kTYXEb8uyPG29zHW7u+y1s:vG2bZJ05/+ApLs0bOPG2VHW7u1y

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 768 set thread context of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	768	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe
868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 868	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	28
PID 768 wrote to memory of 2012	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	29
PID 768 wrote to memory of 2012	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	29
PID 768 wrote to memory of 2012	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	29
PID 768 wrote to memory of 2012	768	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	29
PID 868 wrote to memory of 1216	868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	15
PID 868 wrote to memory of 1216	868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	15
PID 868 wrote to memory of 1216	868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	15
PID 868 wrote to memory of 1216	868	075b0c9f85d5fcf0a46248e5f9a919852924f5ca9003f07e04f2443843d1fd89.exe	15

memory/768-54-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download
memory/868-55-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/868-59-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/868-64-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/868-65-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1216-61-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download