600593ebb267302d3436b8b17e80f49dfaa3595d36fb3bc70ca1c04a5d797bb8

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:35

Target

034a87ae1b3c8856d075fd235db5a799.exe
Size

89KB
MD5

034a87ae1b3c8856d075fd235db5a799
SHA1

dc9371952d10833995f67c95b33ed7a4df5fb31e
SHA256

600593ebb267302d3436b8b17e80f49dfaa3595d36fb3bc70ca1c04a5d797bb8
SHA512

97a66957eddd9bb05373a499f2dabfce4eac4f81b8422ac907a3effaf7cadc8ad7dccafd0820832dac65c3ef8d0d99bce3cc3a9b1242257c746806a7d3477636
SSDEEP

768:WL3LzfkaLn2R8f+Rd4BDMVAaAF8tXID8wx8z+xSSJqM+fHfB68c8giIUq0YM7X:ybzRhNhFSYfsUnof/s8X3q0d7X

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5d6ooi2.exe	034a87ae1b3c8856d075fd235db5a799.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5d6ooi2.exe	034a87ae1b3c8856d075fd235db5a799.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2344 set thread context of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1676	034a87ae1b3c8856d075fd235db5a799.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 2344 wrote to memory of 1676	2344	034a87ae1b3c8856d075fd235db5a799.exe	28
PID 1676 wrote to memory of 1356	1676	034a87ae1b3c8856d075fd235db5a799.exe	22
PID 1676 wrote to memory of 1356	1676	034a87ae1b3c8856d075fd235db5a799.exe	22
PID 1676 wrote to memory of 1356	1676	034a87ae1b3c8856d075fd235db5a799.exe	22

memory/1356-14-0x00000000029A0000-0x00000000029A2000-memory.dmp

Filesize
8KB

Download
memory/1356-13-0x0000000002990000-0x0000000002993000-memory.dmp

Filesize
12KB

Download
memory/1356-12-0x0000000002980000-0x0000000002981000-memory.dmp

Filesize
4KB

Download
memory/1676-9-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1676-5-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1676-15-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2344-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-2-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-8-0x00000000003E0000-0x00000000003FF000-memory.dmp

Filesize
124KB

Download
memory/2344-7-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-4-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2344-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download