b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/11/2022, 23:00

Target

b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe
Size

269KB
MD5

0fd55acef600069fb61c215c05ddcb70
SHA1

8d507738e1c1cecbcd6ae337bb2401e7df48d452
SHA256

b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96
SHA512

a4afbda88f945772ddeba192c2e40cca30a22c8c4a75cbadc50b8e629100558f8ecee86298c1a3c404cabb0518de664371528f316eac31ed42d0f7f68ae7e3e7
SSDEEP

6144:7H/S85W3nhCEUlyolT0pPODy6W14Kki0/vBut:z/c3nylR0pWZemut

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1324 set thread context of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27
PID 1324 wrote to memory of 1280	1324	b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe	27

C:\Users\Admin\AppData\Local\Temp\b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe
"C:\Users\Admin\AppData\Local\Temp\b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe
  "C:\Users\Admin\AppData\Local\Temp\b40dd25f8d693cf1d213aa9deb0937a0d9aa7ab6dbfabf8df1ff60beb887ed96.exe"
  2⤵
  PID:1280

memory/1280-54-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1280-55-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1280-57-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1280-58-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1280-60-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/1280-63-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1280-64-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download