ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 17:16

Target

ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe
Size

304KB
MD5

306c1d403b9b95b07a0b9b1a3858e46b
SHA1

21a099a3bc2a21024c503206799e14cac0a310fd
SHA256

ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8
SHA512

37da5cc5567e5fa94ea7bc9ae56404e25e03fe22e7b69046ba57f2b80a7d511acfb457f7f3537491e9ea2a04360e140b05c13d3cc3802da416e95a8a9882fe56
SSDEEP

6144:kSR1ebaV+LclVP5PwpyjYJe/j+77sSFkQd045lLhZS95UaT/zx:kaeW8LMh5I5HsSFxd3E

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 844 set thread context of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28
PID 844 wrote to memory of 1344	844	ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe	28

C:\Users\Admin\AppData\Local\Temp\ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe
"C:\Users\Admin\AppData\Local\Temp\ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:844
- C:\Users\Admin\AppData\Local\Temp\ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe
  "C:\Users\Admin\AppData\Local\Temp\ff9d3135272c248c5a47b0370841fa47a0064607d3e57d80c1551d4aa2afffa8.exe"
  2⤵
  PID:1344

memory/1344-54-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1344-55-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1344-57-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1344-58-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1344-60-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1344-63-0x0000000075651000-0x0000000075653000-memory.dmp

Filesize
8KB

Download
memory/1344-64-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download