c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 06:44

Target

c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe
Size

54KB
MD5

14af21a57ef75fcf67b380823134f602
SHA1

772acbb1d6ed11aa6fdb46c7217512b5620f7fee
SHA256

c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39
SHA512

a5160ec737d85bd93e914ab41cc1ba4381f229064d4042e69c1e771ee2bad8af3459dc8a647869c1519a579e4905b765323fcf65a9af1236fd482cf8196e17e1
SSDEEP

1536:F2WRJKTLQEvCe4MKQ289vckXbjtZn2q5O:cQ6bC82VojH2q

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ey0yoetj8.exe	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ey0yoetj8.exe	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2036 set thread context of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
700	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 2036 wrote to memory of 700	2036	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	28
PID 700 wrote to memory of 1228	700	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	11
PID 700 wrote to memory of 1228	700	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	11
PID 700 wrote to memory of 1228	700	c2d272e296bb28c8e17ede5ae8543d2360d553927131a92b4da3a599ec5fbb39.exe	11

memory/700-58-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/700-62-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/700-65-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1228-63-0x0000000002730000-0x0000000002733000-memory.dmp

Filesize
12KB

Download
memory/2036-54-0x0000000000401000-0x0000000000405000-memory.dmp

Filesize
16KB

Download
memory/2036-55-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2036-56-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2036-57-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download
memory/2036-61-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download