f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a

Analysis

max time kernel
178s
max time network
250s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 02:41

Target

f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe
Size

116KB
MD5

33dc01634996ce192526ed48f1a17910
SHA1

b072050bbbab0388e4a3562637b2a9b603fd57ba
SHA256

f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a
SHA512

4e12fcfff6d889cf1ac5c637be0a995b9c57c260f0adb012a94883ad53cdb6d697d3f66b3b691db6efa648c8d8800050656e6e50a0b41b14c5312a48b291ee1c
SSDEEP

1536:Y8q5MTqhIdBrnRqZ27nQ1J6DkWzB2hLbNWoTBcupx0LjxlWyjitM7tKHC2Y5:YYtrnRFM2Lw8oTBcup6JbEM7cQ

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1672 set thread context of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\jtcu.job	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28
PID 1672 wrote to memory of 1668	1672	f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe	28

C:\Users\Admin\AppData\Local\Temp\f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe
"C:\Users\Admin\AppData\Local\Temp\f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe
  C:\Users\Admin\AppData\Local\Temp\f7c8e02920621f7f2163a615fbbdb5e8c24df3c1080018c964260f5f8a0a457a.exe
  2⤵
  - Drops file in Windows directory
  PID:1668

memory/1668-54-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1668-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1668-60-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/1668-59-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1668-61-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download