92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613

Analysis

max time kernel
29s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 01:12

Target

92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe
Size

72KB
MD5

24d06109dcb96c25ef9426a8aa85c106
SHA1

54c44b47fae6432a8237fe571ede6b297772a35a
SHA256

92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613
SHA512

13a9bc31ee88854ba5e6825e90b60629efdf1164c495e159c8eeddbe05a48bf3283c8d02245708d03d1a9646316d2ba4c9961f57dbb5fea226e7937b384bd330
SSDEEP

768:yX5YSCddbf2QOGUTDMVPcQFZUdvbQ/fM5dX+9N+axxthhhhhhZzWNou0zllkJRPw:yX5rLGUPMWLpbQ/UTO7xTzq0rkDyryo

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\djojtytd.exe	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\djojtytd.exe	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1948 set thread context of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1000	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1948 wrote to memory of 1000	1948	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	27
PID 1000 wrote to memory of 1396	1000	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	14
PID 1000 wrote to memory of 1396	1000	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	14
PID 1000 wrote to memory of 1396	1000	92a9b64ef96d9ac7139e217bd25ca0f26d7f82ce247382426348b871642cd613.exe	14

memory/1000-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1000-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1000-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1396-63-0x00000000026D0000-0x00000000026D3000-memory.dmp

Filesize
12KB

Download
memory/1948-54-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1948-55-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1948-56-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1948-57-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/1948-62-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download