11f60109076049c4fe319253561701075e641dd5281f23834f8849f15a70a650

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 20:10

Target

0ff99b3944d759ec44c60da4461a9755.exe
Size

265KB
MD5

0ff99b3944d759ec44c60da4461a9755
SHA1

506b2385e2eb06c3e8b86d73ce4e59ec53e17347
SHA256

11f60109076049c4fe319253561701075e641dd5281f23834f8849f15a70a650
SHA512

3b7034ef48acff3e2c1bc6356840840fc3ebda378f4e5735bd21a496ab7c41a81a8db94229de611f318e9e5c5ee30adc8a33200a5b9f4ff74cfea58864d6d626
SSDEEP

6144:MnRlOt/yUasAv6F4uxZ+m+/Ew0PuWx/SA78wef:MRlOt/3FbZ+mZuWx/l78wc

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 616 set thread context of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28
PID 616 wrote to memory of 1428	616	0ff99b3944d759ec44c60da4461a9755.exe	28

C:\Users\Admin\AppData\Local\Temp\0ff99b3944d759ec44c60da4461a9755.exe
"C:\Users\Admin\AppData\Local\Temp\0ff99b3944d759ec44c60da4461a9755.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:616
- C:\Users\Admin\AppData\Local\Temp\0ff99b3944d759ec44c60da4461a9755.exe
  C:\Users\Admin\AppData\Local\Temp\0ff99b3944d759ec44c60da4461a9755.exe
  2⤵
  PID:1428

memory/1428-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-6-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-4-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-2-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-8-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1428-10-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-13-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1428-18-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-17-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1428-15-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-12-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/1428-22-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download