3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee

Analysis

max time kernel
29s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 00:08

Target

3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe
Size

59KB
MD5

f77e9b212ff7f353c6bbc23355b15c73
SHA1

ec320a5a8e5c3cce08eab051c3707ec801c77f8f
SHA256

3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee
SHA512

9b1c16de403f22616bff728ef6df5bd4613b6c282d59ef47e633902cc80d9ed85dad6d033649b5a0357c002a6116a2912a2f2f9c2e926a98cd87d6d71973aa05
SSDEEP

1536:FyyR9IUrTZeGD525DFtYLV2iL6OGuF1h1nPXYvdg8lkVFj/Q:FyyRtrteGD+Hsh6efIvR4u

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jo96doty.exe	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jo96doty.exe	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 904 set thread context of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1380	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 904 wrote to memory of 1380	904	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	27
PID 1380 wrote to memory of 1244	1380	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	15
PID 1380 wrote to memory of 1244	1380	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	15
PID 1380 wrote to memory of 1244	1380	3c4fbbed8856fe74a780f97991b02e602949e9e31f6dcb04966e81d741598eee.exe	15

memory/904-55-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/904-54-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/904-56-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/904-60-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1244-62-0x0000000002230000-0x0000000002233000-memory.dmp

Filesize
12KB

Download
memory/1380-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1380-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1380-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download