bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262

Analysis

max time kernel
30s
max time network
58s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 20:25

Target

bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe
Size

207KB
MD5

fb886e87b25ab669fe372c926f42fc7d
SHA1

700a1ff5bd112f4a533895249be7f4c15cbab45a
SHA256

bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262
SHA512

3ae8e59662991ff9331d4f0532cc7b52bcf003d5038dc4839e48809922eb321a92fd6e5f80976b668c473866d3e22f99406f9d1a6a8bd84e041fe2da8a6992de
SSDEEP

6144:B/8EzLAdZUwr7d5GssFjBamEmBZKO88za:2EzLAdqG7dbsFgmEmqT

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1620 set thread context of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28
PID 1620 wrote to memory of 1516	1620	bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe	28

C:\Users\Admin\AppData\Local\Temp\bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe
"C:\Users\Admin\AppData\Local\Temp\bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe
  "C:\Users\Admin\AppData\Local\Temp\bf65284ee0dd13e041ae3b390f46c91bc4dcbe3902ff7994f34784a9f60f2262.exe"
  2⤵
  PID:1516

memory/1516-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-56-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-57-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-59-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-60-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-62-0x0000000000401396-mapping.dmp

Download
memory/1516-61-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1516-66-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1620-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download