5d59290a5a80f52cba944d47cf09a084c32aa9ebc271c1d17f6ccdbbdbb7ee45

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
18/09/2023, 21:25

Target

file.exe
Size

393KB
MD5

06a6e879e606c6e08e59f44a87dd5ad9
SHA1

06da3cac9431a3ebea33c3f3071fb9db29f36fcc
SHA256

5d59290a5a80f52cba944d47cf09a084c32aa9ebc271c1d17f6ccdbbdbb7ee45
SHA512

7dba0cb286e1b0ed588715463b40f4bb6be3982db12040da0d07de137a464961f7cf29f5e5a146b4d70f1cdfeccdc3422620c7246657be15e2172571f5c027fe
SSDEEP

6144:ENxjEk2jicP5iOo2T8VrSd/sUAOeklrnLRvFN1BYTCONg/l/IQFjH1Sa:ENxtqiG59ou4k5LRF+WOkVBH1Sa

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2016 set thread context of 1708	2016	file.exe	29

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29
PID 2016 wrote to memory of 1708	2016	file.exe	29

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
  2⤵
  PID:1708

memory/1708-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-2-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-4-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-6-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-8-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-10-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-12-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/1708-13-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-15-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-18-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1708-19-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download