2c5b9875744f2f87bc76410024b5e76bbb75e8fc790b3435a792da16eb107f86

Analysis

max time kernel
148s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27-03-2023 09:23

Target

2d.exe
Size

148KB
MD5

38b50102f941b4f4cba161408cf20933
SHA1

a734a5bd0bf36f205baaa37a4ae84b21eca6b173
SHA256

8b1177549a1f4a0e47acd8ec77bf670ee18efb9f2c18747e460bd8924d5a2024
SHA512

25b513c41662ee4236baae15db95e25ea8defd4483c2d819047e0978253906b355f2f2425f7f4ea6e97994b0a83eb062c772578f24f94c32ad90578b6f2583cd
SSDEEP

3072:BdSg+CABM7yfmgftxDBxdkVWelD8Az9kNP:WgoBJOKxt8VLI

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

2d.exe

description pid process target process

PID 1560 set thread context of 1348 1560 2d.exe 2d.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

2d.exe

pid process

1348 2d.exe
1348 2d.exe
1348 2d.exe
1348 2d.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

2d.exe

pid process

1560 2d.exe

description	pid	process	target process
PID 1560 set thread context of 1348	1560	2d.exe	2d.exe

pid	process
1560	2d.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

2d.exe

description	pid	process	target process
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe
PID 1560 wrote to memory of 1348	1560	2d.exe	2d.exe

C:\Users\Admin\AppData\Local\Temp\2d.exe
"C:\Users\Admin\AppData\Local\Temp\2d.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1348

memory/1348-56-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-57-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-58-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-59-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-60-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-61-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-62-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1348-63-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-65-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1348-66-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download