ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 15:30

Target

ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe
Size

93KB
MD5

7a5fb254668e7a83334beb350c251200
SHA1

4b5ffe16043c558dd91bb8b022e4ea6fbe113b2c
SHA256

ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15
SHA512

690a8f59a414dd2abe95a7070f2c6f9415cada5721c3426921475ba5dfd4a2cb45e5834ecf46fc4a9b734e5ffd3d6054983aea2462bd9a8187463aae06a67a67
SSDEEP

1536:qO4SEoZ0uQdTc7OqErar+F++++++++++++++++++++8xSbazkPO+SQptzKvAd4:q9boZ0uqiOqErarw+++++++++++++++q

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d75djt.exe	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d75djt.exe	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1324 set thread context of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1420	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1324 wrote to memory of 1420	1324	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	27
PID 1420 wrote to memory of 1208	1420	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	15
PID 1420 wrote to memory of 1208	1420	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	15
PID 1420 wrote to memory of 1208	1420	ad067522def827a3f4fca30c31e16d3b4709627b6f2df5d46ebbbbedcc2c6f15.exe	15

memory/1208-62-0x0000000002490000-0x0000000002493000-memory.dmp

Filesize
12KB

Download
memory/1324-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1324-56-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1324-55-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1324-60-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/1420-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1420-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1420-64-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download