b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0

Analysis

max time kernel
69s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 19:21

Target

b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe
Size

61KB
MD5

56882018f6d137cc644024647a54f7f9
SHA1

9372a17d63d6173f09d234b2b2099ae8947484be
SHA256

b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0
SHA512

b6d2efce661e1f6ca686d98612d9549e272c493c23ebc1d5eb9585e25686583ed75761bff394f8d0f9a4d38525981455a3b8fd5e085d9010ac433bd39cf192f0
SSDEEP

1536:a72WsfaXYGIVTgVgeG3MCLrkvLOf9e+uCHD:aK2KvFrkDOf9e+uoD

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ete7eejot.exe	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ete7eejot.exe	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1868 set thread context of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
832	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 1868 wrote to memory of 832	1868	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	27
PID 832 wrote to memory of 1244	832	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	10
PID 832 wrote to memory of 1244	832	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	10
PID 832 wrote to memory of 1244	832	b122106e3dba6fa355360d1dd85718d05d89a2c3b7e9d79b10b3cf7109a394a0.exe	10

memory/832-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/832-62-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/832-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1244-63-0x0000000002230000-0x0000000002233000-memory.dmp

Filesize
12KB

Download
memory/1868-55-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1868-54-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1868-56-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1868-57-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/1868-61-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download