13af421222ec9e4f0db558b9badae817aa15ef25bec273ad0ccab4e60c43b954

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:38

Target

21fe7e98fe1500f0c7605c23babcab00.exe
Size

54KB
MD5

21fe7e98fe1500f0c7605c23babcab00
SHA1

ba49860a4fcddfa82583ea8637ba2d82cc556aa0
SHA256

13af421222ec9e4f0db558b9badae817aa15ef25bec273ad0ccab4e60c43b954
SHA512

dbd449e76dcfbe07a7212d01924bed8ba3aa2eafcd2538de27974622f584e94641723dda6f29f688050b42345b9f3f7199ab637570e382594e280c1471477a00
SSDEEP

768:GTxaS3WnM+TOtdEvCSb4MajQ1Y3DUAhQ48nXt455DcOxcP9Pls6/APQooSk0XGVX:mw2Wn/ToEvCe4MKQ289ghcgiAPQm37e

Score

7^/10

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o1oiidt9.exe	21fe7e98fe1500f0c7605c23babcab00.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\o1oiidt9.exe	21fe7e98fe1500f0c7605c23babcab00.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2232 set thread context of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2576	21fe7e98fe1500f0c7605c23babcab00.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2232 wrote to memory of 2576	2232	21fe7e98fe1500f0c7605c23babcab00.exe	28
PID 2576 wrote to memory of 1204	2576	21fe7e98fe1500f0c7605c23babcab00.exe	14
PID 2576 wrote to memory of 1204	2576	21fe7e98fe1500f0c7605c23babcab00.exe	14
PID 2576 wrote to memory of 1204	2576	21fe7e98fe1500f0c7605c23babcab00.exe	14

memory/1204-13-0x0000000002540000-0x0000000002542000-memory.dmp

Filesize
8KB

Download
memory/1204-12-0x0000000002530000-0x0000000002533000-memory.dmp

Filesize
12KB

Download
memory/1204-11-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2232-2-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2232-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2232-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2232-6-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2576-4-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2576-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2576-14-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download