ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2

Analysis

max time kernel
41s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:36

Target

ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe
Size

86KB
MD5

d59539dc232146e2978755aeb8434e1a
SHA1

d893140f583bcb9b72b5c271060672e055177e78
SHA256

ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2
SHA512

10e90c0fa5dfaa5f8f9add4a158705c9c7d789316af04e1e6b0134098ee38a9d36ee4ae15160bbd65b8d30a0cf59b1434d297a3c740781b01f1226d77c404cc2
SSDEEP

768:N/IwI4gTtUReg/UXssPzfQE6rrDNswNX9pQUnbmhGOOOOOOOaHaJB4VQgvBAfBKb:ed4gTtUMgQzfWrrDNhLGKYBuOw

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\otoy1yj2.exe	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\otoy1yj2.exe	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1668 set thread context of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
684	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 1668 wrote to memory of 684	1668	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	27
PID 684 wrote to memory of 1268	684	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	12
PID 684 wrote to memory of 1268	684	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	12
PID 684 wrote to memory of 1268	684	ce397b31afe75f0eb924ba06cf95b425790a22a0cf8ab0dcc17bc6cb35c54ed2.exe	12

memory/684-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/684-59-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/684-63-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1268-61-0x00000000029E0000-0x00000000029E3000-memory.dmp

Filesize
12KB

Download
memory/1668-54-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1668-55-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1668-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download