e60459d373cb43e01fa674b2105d3ea9ae968a01440b5aefc52d6672c7f62121

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 22:49

Target

16ff6f1ab95c71da900f1f7dfd55b311.exe
Size

204KB
MD5

16ff6f1ab95c71da900f1f7dfd55b311
SHA1

d08a0c37f6a5518cc47664862ecde60fe5f3e950
SHA256

e60459d373cb43e01fa674b2105d3ea9ae968a01440b5aefc52d6672c7f62121
SHA512

2dde4295ea8e102b43226112eefee0ebdaad1f9f9e1ff6f3f989278fbe9ca1ee1116f7e5475c4a59b2db65366aede3aa699ff38c31753633b9a636c4fe8541bb
SSDEEP

3072:HeZi2TISClIi26kSo7zQi6WYRVrwi/NOsbTUTkcPlQz4+4p2a:CNGIifScLdDFHTUTRuzIA

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2468 set thread context of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28
PID 2468 wrote to memory of 1572	2468	16ff6f1ab95c71da900f1f7dfd55b311.exe	28

C:\Users\Admin\AppData\Local\Temp\16ff6f1ab95c71da900f1f7dfd55b311.exe
"C:\Users\Admin\AppData\Local\Temp\16ff6f1ab95c71da900f1f7dfd55b311.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\16ff6f1ab95c71da900f1f7dfd55b311.exe
  "C:\Users\Admin\AppData\Local\Temp\16ff6f1ab95c71da900f1f7dfd55b311.exe"
  2⤵
  PID:1572

memory/1572-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-4-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-6-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-10-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-12-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1572-16-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-18-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1572-19-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2468-1-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/2468-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download