b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a

Analysis

max time kernel
19s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 19:18

Target

b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe
Size

237KB
MD5

1341940b251125066b83ce1b6eefd9d6
SHA1

29660db214104b93cbed3da1d6270b75bf1d729f
SHA256

b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a
SHA512

3243c00f793d0a8ba5e60876ced26a0900b2dab34a99a9512a21bcd96483d7fefa5dd8bb5facc760105ee52b208dd5e01575635e579be5702e34a98ff6e8b7e4
SSDEEP

6144:davmU5iTUdTmDE3dFFFaQVsH2RUruoMDpvhc04F2BphvmXj:davbiSOWdFFMQVLWy9vDhI

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1368 set thread context of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28
PID 1368 wrote to memory of 2036	1368	b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe	28

C:\Users\Admin\AppData\Local\Temp\b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe
"C:\Users\Admin\AppData\Local\Temp\b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1368
- \??\c:\users\admin\appdata\local\temp\b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe
  "c:\users\admin\appdata\local\temp\b1d0b556e661fcfc1a56150086319000477491f51717f46dfdeab647e3f9ad5a.exe"
  2⤵
  PID:2036

memory/2036-54-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2036-55-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2036-57-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2036-58-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2036-60-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2036-63-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download
memory/2036-64-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download