7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba

Analysis

max time kernel
173s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 23:07

Target

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
Size

169KB
MD5

09a49e043c9df84812e74d4b001eeccf
SHA1

684fc6689e9182e042c6231758f588b8de8d5fe2
SHA256

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba
SHA512

230d68547c34fff4397b4d93500dfdc73c0d662cf64e8524dcacff4c3e6bc1f76a974db2ce10d07e98fb061fecfcd8d188167003ffbfb91de180208953a2c437
SSDEEP

3072:xKXR/jtaBLpvKPwxK3bEguprek32x+cBy3rtCzmnbEwW80/PqsOpC2XPBz5u:xKBBMLpU33uZek32x++UrtAmnbnZHHBM

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

description	pid	process	target process
PID 4544 set thread context of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

description	pid	process	target process
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 4544 wrote to memory of 2128	4544	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
"C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
  C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
  2⤵
  PID:2128

memory/2128-132-0x0000000000000000-mapping.dmp

Download
memory/2128-133-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/2128-135-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download