6fbd2934f653f5085f7ae0b974f11673494f076770e28f6e9b7e1867d783a06b

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 18:49

Target

35afcf29afedbc371e446aaed65de901.exe
Size

182KB
MD5

35afcf29afedbc371e446aaed65de901
SHA1

54493d831985f569947e43cfc0bf952969860eb2
SHA256

6fbd2934f653f5085f7ae0b974f11673494f076770e28f6e9b7e1867d783a06b
SHA512

57d67f8f4aebe5a5178d5ae2e9318cb05f1c2d3c97b04c3a63b5ddac80f51228cf88991371cd94e1832d30aea684f2ac07bb11b5f88ce8da7645cb321dc6d648
SSDEEP

3072:3HMAmgoqaNU1LiOyzb0qkVoDiYE2/+S5io/Hw3a5YHG3Pzrc77OWw8x8cj:3HbaNQG4qkVoDiB22B2Hw3alXc769/cj

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2040 set thread context of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 set thread context of 0	2040	35afcf29afedbc371e446aaed65de901.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	35afcf29afedbc371e446aaed65de901.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	35afcf29afedbc371e446aaed65de901.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2924	35afcf29afedbc371e446aaed65de901.exe
2924	35afcf29afedbc371e446aaed65de901.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2040	35afcf29afedbc371e446aaed65de901.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 2924	2040	35afcf29afedbc371e446aaed65de901.exe	14
PID 2040 wrote to memory of 0	2040	35afcf29afedbc371e446aaed65de901.exe
PID 2040 wrote to memory of 0	2040	35afcf29afedbc371e446aaed65de901.exe
PID 2040 wrote to memory of 0	2040	35afcf29afedbc371e446aaed65de901.exe
PID 2040 wrote to memory of 0	2040	35afcf29afedbc371e446aaed65de901.exe
PID 2924 wrote to memory of 1328	2924	35afcf29afedbc371e446aaed65de901.exe	11
PID 2924 wrote to memory of 1328	2924	35afcf29afedbc371e446aaed65de901.exe	11
PID 2924 wrote to memory of 1328	2924	35afcf29afedbc371e446aaed65de901.exe	11
PID 2924 wrote to memory of 1328	2924	35afcf29afedbc371e446aaed65de901.exe	11

memory/1328-13-0x000000007EFD0000-0x000000007EFD1000-memory.dmp

Filesize
4KB

Download
memory/1328-9-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/2040-0-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2040-6-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2040-3-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2924-7-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2924-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2924-4-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2924-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download