59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 14:14

Target

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
Size

93KB
MD5

c9d5b99c846e49a9e40be0d4e332d2e0
SHA1

ea1e228d930b9970cbd8bacd902a7d10e921edd3
SHA256

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8
SHA512

eb628c5190e8da39e448e41a5a05d7f6022729d0cd0027c15d46b593ab54f404935838a0b1b2ba21b33b00466ffe8a129b943fa1f638f894eaf72cdfdd137c7f
SSDEEP

1536:b/I4SEoZ0uQdTc7OqErar+sbbbbbbbgeN5HZNSsR2oGi7:jXboZ0uqiOqErarV55qoGi7

Score

7^/10

Drops startup file 2 IoCs

Processes:

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2jyo3t9.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2jyo3t9.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

description	pid	process	target process
PID 1516 set thread context of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

pid process

1676 59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

pid	process
1676	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe

description	pid	process	target process
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1516 wrote to memory of 1676	1516	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe
PID 1676 wrote to memory of 1244	1676	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	Explorer.EXE
PID 1676 wrote to memory of 1244	1676	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	Explorer.EXE
PID 1676 wrote to memory of 1244	1676	59e508c0984cd605d967a19ede4bb3d00b3a21a074fe3dbb76f2f69ed57a39b8.exe	Explorer.EXE

memory/1244-61-0x0000000002200000-0x0000000002203000-memory.dmp

Filesize
12KB

Download
memory/1516-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1516-56-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1516-55-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1676-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1676-58-0x0000000000401840-mapping.dmp

Download
memory/1676-60-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1676-63-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download