7262263033e43cd28b582a8f5cdde204218dbe377b2593e2746e58fb2508f7a4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:18

Target

0b323530396c73a0d5d791bb2e34fcdd.exe
Size

89KB
MD5

0b323530396c73a0d5d791bb2e34fcdd
SHA1

2c5753ef71190e81a0ab2e5358fb6da45e144cee
SHA256

7262263033e43cd28b582a8f5cdde204218dbe377b2593e2746e58fb2508f7a4
SHA512

5e41eb43262657c5131eeae46a467bf7ea4ab51a7e375c29d7989dc7e4820b3fef942659b293e57eaa354199943bb0c8d0db77e2582d7c096552f17c804bfb85
SSDEEP

1536:DFOnrduhbOAetTNOinDrZhQcnprVF9TGyjc:DFAdHAeB4idpxF9iyw

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iidd6ooi2.exe	0b323530396c73a0d5d791bb2e34fcdd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iidd6ooi2.exe	0b323530396c73a0d5d791bb2e34fcdd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1732 set thread context of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3024	0b323530396c73a0d5d791bb2e34fcdd.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 1732 wrote to memory of 3024	1732	0b323530396c73a0d5d791bb2e34fcdd.exe	16
PID 3024 wrote to memory of 1068	3024	0b323530396c73a0d5d791bb2e34fcdd.exe	9
PID 3024 wrote to memory of 1068	3024	0b323530396c73a0d5d791bb2e34fcdd.exe	9
PID 3024 wrote to memory of 1068	3024	0b323530396c73a0d5d791bb2e34fcdd.exe	9

memory/1068-14-0x0000000002EB0000-0x0000000002EB2000-memory.dmp

Filesize
8KB

Download
memory/1068-13-0x0000000002B10000-0x0000000002B13000-memory.dmp

Filesize
12KB

Download
memory/1068-12-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1732-0-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1732-3-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1732-2-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1732-9-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1732-6-0x0000000000430000-0x000000000045C000-memory.dmp

Filesize
176KB

Download
memory/1732-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3024-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3024-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3024-15-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download