9afc08c1d0239012052fa257079be04b519651124ee3ecb51c564552fa85cabc

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 04:19

Target

27e192d1b8689d7a83c7282e196410bc.exe
Size

408KB
MD5

27e192d1b8689d7a83c7282e196410bc
SHA1

2285a100a1b598cd538452994baa765cec3ae3d4
SHA256

9afc08c1d0239012052fa257079be04b519651124ee3ecb51c564552fa85cabc
SHA512

2b8b41cdcd12db01c313f6b76f3d561e7a40066b2cd70ff15badeb6634d8746f62a77924fbeca170efac48ae4c3ede7b9baca4114f3239b27ded2879ae496abe
SSDEEP

12288:RAvFG3axzFHhmuXi2+Qf4pW4ZCpc1/xNIj:RAdMaxzFouXi2+6CMc1Mj

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2436 set thread context of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	27e192d1b8689d7a83c7282e196410bc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	27e192d1b8689d7a83c7282e196410bc.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28
PID 2436 wrote to memory of 1936	2436	27e192d1b8689d7a83c7282e196410bc.exe	28

C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
"C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe"
1⤵
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
  C:\Users\Admin\AppData\Local\Temp\27e192d1b8689d7a83c7282e196410bc.exe
  2⤵
  PID:1936

memory/1936-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-5-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1936-14-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-15-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-16-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1936-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2436-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2436-12-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download