283dca4b38d4ac08aea38c39ad094eab8bc1e929a3f3aca43fd0feba218c248e

Analysis

max time kernel
118s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:16

Target

27cc7906fa1032ab20cb6028438d8e2f.exe
Size

92KB
MD5

27cc7906fa1032ab20cb6028438d8e2f
SHA1

16db7c755499e69713ea4e7b420a98d5e76a400a
SHA256

283dca4b38d4ac08aea38c39ad094eab8bc1e929a3f3aca43fd0feba218c248e
SHA512

86849150726360eff97d75c53e3bb6ff268e99185c72b00a92d726ed4a73476306fa82a231d39cf47ff5dab7ac465f0cc873faa0d6cfde924d5586f135276fad
SSDEEP

1536:CPzuaRAc//////qidULaAl8pvPefv/PfpG/J/iccTGSmmp0ua/Zr3hASu8:ouaRAc//////qaAEWfv/neiccTGLmuuY

Score

5^/10

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2104 set thread context of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 set thread context of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 wrote to memory of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 wrote to memory of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 wrote to memory of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 wrote to memory of 2724	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	29
PID 2104 wrote to memory of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30
PID 2104 wrote to memory of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30
PID 2104 wrote to memory of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30
PID 2104 wrote to memory of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30
PID 2104 wrote to memory of 2596	2104	27cc7906fa1032ab20cb6028438d8e2f.exe	30

C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe
"C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe
  C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe
  2⤵
  PID:2724
- C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe
  C:\Users\Admin\AppData\Local\Temp\27cc7906fa1032ab20cb6028438d8e2f.exe
  2⤵
  PID:2596

memory/2104-4-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download
memory/2724-0-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download