d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:05

Target

d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe
Size

58KB
MD5

70834e7d181863f10cc616029a9fa116
SHA1

1d469fedbd1414a10fcbf30a9f23f44d48c1bbea
SHA256

d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622
SHA512

e4d3894b1dbb020cc061e80e2ddafe82a92df42f0d1b90823f3344ab8221f46827eca332a7526f0dde3e1a7260a4e7ddc930e44c2118fe0d8ac5f42229f46f07
SSDEEP

768:hw823ZiUzAr4rS6heyY1soCG4IXXLrXhYGJYStd+0m1UmMsPOq:S82pi4uSS6MyYuoqIXXLrXzuef9j

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o4d1tydy.exe	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o4d1tydy.exe	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1200 set thread context of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1108	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1200 wrote to memory of 1108	1200	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	27
PID 1108 wrote to memory of 1400	1108	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	16
PID 1108 wrote to memory of 1400	1108	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	16
PID 1108 wrote to memory of 1400	1108	d58fad4f229106f74d20aeaca981c1fe585292f3b86f370bbe0b59b208807622.exe	16

memory/1108-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1108-60-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1108-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1200-55-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1200-54-0x0000000000401000-0x0000000000405000-memory.dmp

Filesize
16KB

Download
memory/1200-56-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download
memory/1200-61-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1400-62-0x0000000002580000-0x0000000002583000-memory.dmp

Filesize
12KB

Download