a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 19:56

Target

a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe
Size

72KB
MD5

08f3eb0f10f97bba090526b24f60c9c2
SHA1

8dcb0a961d27a2fa5667bba765dc2ae6f50f79f4
SHA256

a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113
SHA512

6e39edbdc8dc35bb198b0ba6b3f2726a5b65811f2ec69317daacbb815680e9e6190c713ca31d289f084cb73fdc3503a8e534fa301583a89942e10e1d82be2e9b
SSDEEP

1536:SMP5Jrvb/GUPMWLpbQ/UTO7TkiU9OAA5:1rvbeUrcclXM3

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dotoyj6yt.exe	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dotoyj6yt.exe	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1600 set thread context of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
852	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 1600 wrote to memory of 852	1600	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	27
PID 852 wrote to memory of 1208	852	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	13
PID 852 wrote to memory of 1208	852	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	13
PID 852 wrote to memory of 1208	852	a7f2d588cef3fea959dbc063ca763aff01c97bbe7498c3e66c9baedcf3da2113.exe	13

memory/852-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/852-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/852-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1208-62-0x0000000002490000-0x0000000002493000-memory.dmp

Filesize
12KB

Download
memory/1600-54-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-55-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1600-56-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1600-60-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download