bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 07:36

Target

bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe
Size

200KB
MD5

22e70fa181cf63bfceda6ef3220f3400
SHA1

c03084f9baaab26efb697991bc709f1bab006e42
SHA256

bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617
SHA512

80352b098a998e0af1da7d4579de500066db6dc7ec387ed840545df3236b4d996decc0378e07d8f3935570e92f926faf81acb78e3f6e96a845fde8c39678ace4
SSDEEP

3072:/Vh3Bw9lf6U9wUGG+F68YlvWEmX7+T9rk4uG4U/+YtgW1sGaq8ln+MsX0Cy7ERSJ:/jkDwX886vWEJZr7X/nglG/8gZ53Rh

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1764 set thread context of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28
PID 1764 wrote to memory of 1008	1764	bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe	28

C:\Users\Admin\AppData\Local\Temp\bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe
"C:\Users\Admin\AppData\Local\Temp\bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe
  "C:\Users\Admin\AppData\Local\Temp\bbe7a7e466f80d02d5d9aac74adc57e806c07c6d765bb7c18f9a45746473c617.exe"
  2⤵
  PID:1008

memory/1008-56-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-57-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-59-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-61-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-63-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-65-0x000000000128392E-mapping.dmp

Download
memory/1008-68-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-66-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1008-70-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/1764-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1764-55-0x0000000074C00000-0x00000000751AB000-memory.dmp

Filesize
5.7MB

Download
memory/1764-67-0x0000000074C00000-0x00000000751AB000-memory.dmp

Filesize
5.7MB

Download