558dfef0d4632e3a042fe939f13f2827ecf4110a86b0f5a56b9edd30329458de

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:13

Target

4586484469a61acff86af04c979d74ff.exe
Size

65KB
MD5

4586484469a61acff86af04c979d74ff
SHA1

06eb3b82c53b072ba6a16d1a5a2a2eed85d581ba
SHA256

558dfef0d4632e3a042fe939f13f2827ecf4110a86b0f5a56b9edd30329458de
SHA512

fbaf2304be0d9756f9da1e8784967ad2ed401b0ae3abe921903d9d5818f0e0763c42bfb7e8e84a870352f554705a5b0683c656d0ee224c45fe377cdd4b69c92b
SSDEEP

768:CEMN+t65Z3k9wVfV7uqGdFfw/i8aopIZbFOpv6K45uoyz8YpUVj8AhjN:CNN+M5Z30GflOvfkrEFOku5j+

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dttod9y0.exe	4586484469a61acff86af04c979d74ff.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dttod9y0.exe	4586484469a61acff86af04c979d74ff.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1924 set thread context of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2172	4586484469a61acff86af04c979d74ff.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 1924 wrote to memory of 2172	1924	4586484469a61acff86af04c979d74ff.exe	28
PID 2172 wrote to memory of 1284	2172	4586484469a61acff86af04c979d74ff.exe	7
PID 2172 wrote to memory of 1284	2172	4586484469a61acff86af04c979d74ff.exe	7
PID 2172 wrote to memory of 1284	2172	4586484469a61acff86af04c979d74ff.exe	7

memory/1284-13-0x0000000002E10000-0x0000000002E13000-memory.dmp

Filesize
12KB

Download
memory/1284-14-0x0000000002E20000-0x0000000002E22000-memory.dmp

Filesize
8KB

Download
memory/1284-12-0x0000000002E00000-0x0000000002E01000-memory.dmp

Filesize
4KB

Download
memory/1924-2-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1924-1-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1924-7-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1924-8-0x0000000000440000-0x000000000045A000-memory.dmp

Filesize
104KB

Download
memory/1924-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/1924-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1924-4-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/2172-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2172-9-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2172-15-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download