e0053ffea3a64ce4b5173dd3f143c8b4bf9c84c1531a85bce2dfefecf3eb1fea

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
22/09/2023, 01:01

Target

50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
Size

576KB
MD5

0bb376187cf8242293fcb8578e369fb2
SHA1

9bde167acf3f4146c339c62d212280d7c2b96391
SHA256

50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7
SHA512

75a327c874d83984e54a3c6b8b77fec5479b5205573bc3f036c7dd5ef35a037863d2266dc994808b6e3ed24cf9bac6bbbeb6cb4553b7418787a7615871249b34
SSDEEP

12288:6ZUEkSVn/1nKAjj7N14+l8QvbV5yu1Dm30IsQ456V614sAAk08:2UqVjjPl8m5ZTKSAO

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1008 set thread context of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2648	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28
PID 1008 wrote to memory of 2648	1008	50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe	28

C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
"C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe
  "C:\Users\Admin\AppData\Local\Temp\50b7c22b62b792c34ad69ec219ee468803d070257b57902a33248f953444caf7.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648

memory/1008-8-0x0000000000D40000-0x0000000000DBA000-memory.dmp

Filesize
488KB

Download
memory/1008-14-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-2-0x0000000000E00000-0x0000000000E40000-memory.dmp

Filesize
256KB

Download
memory/1008-3-0x0000000000290000-0x00000000002A2000-memory.dmp

Filesize
72KB

Download
memory/1008-4-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-5-0x0000000000E00000-0x0000000000E40000-memory.dmp

Filesize
256KB

Download
memory/1008-0-0x0000000000F80000-0x0000000001016000-memory.dmp

Filesize
600KB

Download
memory/1008-6-0x00000000005A0000-0x00000000005A8000-memory.dmp

Filesize
32KB

Download
memory/1008-1-0x0000000074DA0000-0x000000007548E000-memory.dmp

Filesize
6.9MB

Download
memory/1008-7-0x00000000005F0000-0x00000000005FC000-memory.dmp

Filesize
48KB

Download
memory/2648-9-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2648-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2648-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2648-10-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2648-15-0x0000000000810000-0x0000000000B13000-memory.dmp

Filesize
3.0MB

Download
memory/2648-16-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download