303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94

Analysis

max time kernel
210s
max time network
276s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22-10-2022 04:01

Target

303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe
Size

344KB
MD5

8355f4fcb65efd4b4beed19a8282ce80
SHA1

a100aee7b677a151302b13a449524f65a19156b2
SHA256

303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94
SHA512

c5792f4aa7349467191bb37053b9eea3ab047432d6aeba3fb6970f46fede8db7fcffd130bc67f5e9c50d8dfd948df2a7a950f2d56296ac277c33de430633f5ad
SSDEEP

6144:gq6LFGh9VpSaYmn9EqgJ/ky4yuooh1S6E2B11vkbtIlzaa8+dpf3:gnwnu4EqPyuooz14WlzaaD

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe

description	pid	process	target process
PID 1348 set thread context of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe

description	pid	process	target process
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe
PID 1348 wrote to memory of 1372	1348	303bcd9f1cb1c32438545312e1e204a453e2047fa4db1e13c90da39d86fe7a94.exe	RegSvcs.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
2⤵
PID:1372

memory/1372-54-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-55-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-57-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-59-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-60-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-62-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-63-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-64-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-66-0x0000000140003E0C-mapping.dmp

Download
memory/1372-65-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-68-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-69-0x0000000140000000-0x0000000140022000-memory.dmp

Filesize
136KB

Download
memory/1372-70-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download