b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095

Analysis

max time kernel
28s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:30

Target

b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe
Size

42KB
MD5

140365e58e6f356f66c51c63cf14d1f9
SHA1

7854bee4dd183c20426fb7eed8a7ec6f31084a87
SHA256

b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095
SHA512

7a0f2d4262f76cff7cc83fc54d98226d6eb84c0c08a7f4aa2e8c217e27da6e210e551654b964586f10a3d53588d0a2ccbdf143c56a53e78aeedc3c61b6fe2b8d
SSDEEP

768:xe2UomvgrF3lAA34VXoJ87NbIxb6B+zIXX+70O/5ivFsJZ6/xGFOq0A/SonJRi:A2UoLeowqxb6C0O/Mv2q/8FDaYa

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ydjeoj7o.exe	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ydjeoj7o.exe	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1472 set thread context of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1392	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1472 wrote to memory of 1392	1472	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	27
PID 1392 wrote to memory of 1380	1392	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	20
PID 1392 wrote to memory of 1380	1392	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	20
PID 1392 wrote to memory of 1380	1392	b6cfb9bdb81ec16c3294492afdb5dbd6cce42689b6c2c2acc4e1c136ce2db095.exe	20

memory/1380-62-0x0000000001D20000-0x0000000001D23000-memory.dmp

Filesize
12KB

Download
memory/1392-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1392-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1392-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1472-54-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1472-55-0x0000000074C11000-0x0000000074C13000-memory.dmp

Filesize
8KB

Download
memory/1472-58-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1472-60-0x0000000000230000-0x0000000000244000-memory.dmp

Filesize
80KB

Download