ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03-12-2023 02:32

Target

ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
Size

258KB
MD5

65293cadc0467021b330d4248c666670
SHA1

af8f8b65d172a3b6ac355bd4e042b416062b1993
SHA256

ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a
SHA512

1dfb47818d1a0336866f09aaa400a9b48bad542af47936e3a78910ea3885bc6704b4d54a04757d21f4caa5900c7d46e369700fcaea414c03639835f55d9bfd02
SSDEEP

6144:HQNCwXX3Z2hUX8A4+s/i0ZkA0CkSCObc5a/zyRv+:oBpCUMA4L/i0ZkA0TSCso

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe

description	pid	process	target process
PID 3016 set thread context of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe

Suspicious use of WriteProcessMemory 5 IoCs

Processes:

ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe

description	pid	process	target process
PID 3016 wrote to memory of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
PID 3016 wrote to memory of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
PID 3016 wrote to memory of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
PID 3016 wrote to memory of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
PID 3016 wrote to memory of 2028	3016	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe	ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe

C:\Users\Admin\AppData\Local\Temp\ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe
"C:\Users\Admin\AppData\Local\Temp\ac8b06ad0407f8c2f9d39bfa0f0683d0719272c8332e8d92b003ac386729e90a.exe"
2⤵
PID:2028

memory/2028-3-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3016-0-0x0000000000240000-0x0000000000286000-memory.dmp

Filesize
280KB

Download
memory/3016-1-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-2-0x0000000004970000-0x00000000049B0000-memory.dmp

Filesize
256KB

Download
memory/3016-4-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/3016-7-0x0000000074440000-0x0000000074B2E000-memory.dmp

Filesize
6.9MB

Download