b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a

Analysis

max time kernel
5s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28-11-2022 16:22

Target

b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
Size

815KB
MD5

51ed7e8e341c08280b7a0217f7c39a3f
SHA1

079ad2df4a1db02c4170b7d44aaa189f16194fa1
SHA256

b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a
SHA512

13c810699ca58e17a8a5e2bf36e3eeb5d404d5f740ae833fc06f3bcef3aa3cb01da6d373be07a32e29cc613c09803132b8b1a28928a2ffd35abc60b1918168be
SSDEEP

24576:coZle5i/xmrxgxh6UAkNe7bBmGC5MN8XL:dg9yG4Gen

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe

description	pid	process	target process
PID 1152 set thread context of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe

description	pid	process	target process
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
PID 1152 wrote to memory of 1216	1152	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe	b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe

C:\Users\Admin\AppData\Local\Temp\b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe
"C:\Users\Admin\AppData\Local\Temp\b35793f0801b0e787507e04f25f49627b9b2068125df2614e2c98dc35dcb8f0a.exe"
2⤵
PID:1216

memory/1152-54-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download
memory/1152-56-0x0000000074AF0000-0x000000007509B000-memory.dmp

Filesize
5.7MB

Download
memory/1152-61-0x0000000074AF0000-0x000000007509B000-memory.dmp

Filesize
5.7MB

Download
memory/1216-57-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download
memory/1216-55-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download
memory/1216-59-0x0000000000400000-0x00000000004A5000-memory.dmp

Filesize
660KB

Download
memory/1216-60-0x000000000047FEDE-mapping.dmp

Download