e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135

Analysis

max time kernel
57s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 20:34

Target

e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe
Size

616KB
MD5

606ed5955557a810644087da743d0f01
SHA1

5cd215cce4c7d9d330a3004fe1a3d7a6a0078f61
SHA256

e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135
SHA512

5dcec19b98fdec3fc44c6b887ef9e82c0df1eb217af97f3bc22276f3f6784997876fbffe04cd911d7de54434a8d9be374ed1654aa6ef8bc1f2e1ae57771cbef2
SSDEEP

12288:8FC+rRu7St8E3/XyUztjT5Rkw3RUj1vWtW5/KbQGc:8JrCORtLkyU8tWRwa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2028 set thread context of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28
PID 2028 wrote to memory of 960	2028	e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe	28

C:\Users\Admin\AppData\Local\Temp\e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe
"C:\Users\Admin\AppData\Local\Temp\e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Users\Admin\AppData\Local\Temp\e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe
  "C:\Users\Admin\AppData\Local\Temp\e2479b537306ff93a93b117990bcf36e83970f95773f4994ca65e8260d5f2135.exe"
  2⤵
  PID:960

memory/960-56-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/960-60-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/960-61-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2028-54-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/2028-55-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2028-62-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download