71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12

Analysis

max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 12:25

Target

71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe
Size

169KB
MD5

07d193229a1768236b748e587fb6c3b1
SHA1

e779afe5fd51dea572534cdb577e270d64c889d8
SHA256

71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12
SHA512

11d697addc174d92359cfc6837062e9107b40b4e64212171bae3cc5894e8bf3edca39fc1f720d180f498f7367057a196241d4f67e4ee3cd01e29bb62c89d489b
SSDEEP

3072:iKXR/zNqhJpCGXwxK3wgZci6BbJVyjZdyHdJWheQGyT6pVTIOk/qTELtVN1UJnrE:iKBRsJpP3XZci6B9VeZdyHCeQGHpyOo7

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 364 set thread context of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26
PID 364 wrote to memory of 1952	364	71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe	26

C:\Users\Admin\AppData\Local\Temp\71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe
"C:\Users\Admin\AppData\Local\Temp\71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:364
- C:\Users\Admin\AppData\Local\Temp\71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe
  C:\Users\Admin\AppData\Local\Temp\71194cc6abc338c683d89e8ae6c50ad36eb51690952ec6d6e7a6cd95b1409d12.exe
  2⤵
  PID:1952

memory/364-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1952-55-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1952-56-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1952-58-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1952-59-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1952-61-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1952-65-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download