6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16

Analysis

max time kernel
144s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 03:58

Target

6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe
Size

241KB
MD5

b86eb04352e62da92e5d3c74564aa95e
SHA1

cd43367e9ccbfd0a31c3b1f6b71c762adfa72f1f
SHA256

6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16
SHA512

464f96475aeb42edbcf07db2790ab5a5a00e5f2211a783c0558f2dbbcbb22f79c1b1bae745e690c3cd02bf83342750f418b94238d5ca763019d13e6f41ceb9a7
SSDEEP

6144:tMOfb4CdPTFBEUyfeTnOS+SBlL8xJ/K6Pd8:tMOfbD3MKOSVYxJ/Rm

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1288 set thread context of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1280	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe
1280	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe
1280	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27
PID 1288 wrote to memory of 1280	1288	6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe	27

C:\Users\Admin\AppData\Local\Temp\6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe
"C:\Users\Admin\AppData\Local\Temp\6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1288
- \??\c:\users\admin\appdata\local\temp\6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe
  "c:\users\admin\appdata\local\temp\6b3fe909511f0ac14693b43e22cdf6e705b08e17f6bf06b7e8bc69d05627ab16.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1280

memory/1280-54-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-55-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-57-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-59-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-61-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-62-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-63-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-66-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1280-67-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download