5ef4670ff029d327ad167b4e8ee736ea41508a81473547273cb628646414975e

Analysis

max time kernel
65s
max time network
38s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:14

Target

2875cc7f4c23effe9ec18b81352802de.exe
Size

57KB
MD5

2875cc7f4c23effe9ec18b81352802de
SHA1

c8284153a21422908fd33400cd9a50eb4e54754f
SHA256

5ef4670ff029d327ad167b4e8ee736ea41508a81473547273cb628646414975e
SHA512

af25b5666c7740ce7024e9489301cbeb224fcdf3b00e8f14db73070e8fc5e18846ed92d89200a7327a2424bc8e484fcb8e42a4694a1989a261eadfc42b2a5c08
SSDEEP

768:jCN+GgZf0nQrzYOAcSLWR7bkzLN0Ps7jFKvvvvWlogagHWXoiVjCzoX7qI5RF7mV:Xd8nQr0OhBRszLN5JtWXooIoXug7m0+d

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ojzoee.exe	2875cc7f4c23effe9ec18b81352802de.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\8ojzoee.exe	2875cc7f4c23effe9ec18b81352802de.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3024 set thread context of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2544	2875cc7f4c23effe9ec18b81352802de.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 3024 wrote to memory of 2544	3024	2875cc7f4c23effe9ec18b81352802de.exe	28
PID 2544 wrote to memory of 1244	2544	2875cc7f4c23effe9ec18b81352802de.exe	9
PID 2544 wrote to memory of 1244	2544	2875cc7f4c23effe9ec18b81352802de.exe	9
PID 2544 wrote to memory of 1244	2544	2875cc7f4c23effe9ec18b81352802de.exe	9

memory/1244-12-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/1244-14-0x0000000002690000-0x0000000002692000-memory.dmp

Filesize
8KB

Download
memory/1244-13-0x0000000002680000-0x0000000002683000-memory.dmp

Filesize
12KB

Download
memory/2544-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2544-9-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2544-15-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3024-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-5-0x00000000003D0000-0x00000000003EE000-memory.dmp

Filesize
120KB

Download
memory/3024-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-8-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3024-4-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/3024-2-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/3024-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download