6b81c724cfe334994e4fb72528cb1a3c967200ac365f85689efbd4545b925a3c

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:30

Target

7cdc016c12a745a5dbb38723b3d0f82e.exe
Size

86KB
MD5

7cdc016c12a745a5dbb38723b3d0f82e
SHA1

3f47aea37d4c3c5988c626bec1d284fee8e6a8ff
SHA256

6b81c724cfe334994e4fb72528cb1a3c967200ac365f85689efbd4545b925a3c
SHA512

b66d1a90be96d42d2f7a0f095958a66fbf95e444b231028af8b44ec48b58a677bc650ce05c38f29567026bd54a0cd09c36c065d117f3acd67941a6417e6bf741
SSDEEP

1536:J9s40MgQzfWrrDNhLGrI2hhhKEEEEEEE0EEEEsc8WrXSRE:/r0Kzq5hLtEEEEEEE0EEEEUMiRE

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oojyytjj1.exe	7cdc016c12a745a5dbb38723b3d0f82e.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oojyytjj1.exe	7cdc016c12a745a5dbb38723b3d0f82e.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2220 set thread context of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2740	7cdc016c12a745a5dbb38723b3d0f82e.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2220 wrote to memory of 2740	2220	7cdc016c12a745a5dbb38723b3d0f82e.exe	28
PID 2740 wrote to memory of 1380	2740	7cdc016c12a745a5dbb38723b3d0f82e.exe	21
PID 2740 wrote to memory of 1380	2740	7cdc016c12a745a5dbb38723b3d0f82e.exe	21
PID 2740 wrote to memory of 1380	2740	7cdc016c12a745a5dbb38723b3d0f82e.exe	21

memory/1380-11-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/1380-12-0x0000000002270000-0x0000000002273000-memory.dmp

Filesize
12KB

Download
memory/1380-13-0x0000000002650000-0x0000000002652000-memory.dmp

Filesize
8KB

Download
memory/2220-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-1-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2220-2-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2220-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2220-4-0x0000000001FA0000-0x0000000001FC0000-memory.dmp

Filesize
128KB

Download
memory/2220-7-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2740-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2740-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2740-14-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download