1e6065c57670611e726ac380377334b46c477ab353d0e78c066f53272552e551

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 06:28

Target

4021f07d5170bfbe0f3dab5eea523676.exe
Size

617KB
MD5

4021f07d5170bfbe0f3dab5eea523676
SHA1

14d94e059f75659f82df8ad709026c2adfd21b59
SHA256

1e6065c57670611e726ac380377334b46c477ab353d0e78c066f53272552e551
SHA512

b37feefb76da34e9201c1950fda599b88e533067220b4e2138671ddd40aa957de73dc03ba1c1ae7b088605e9d62899181a1cc0dae58c8d8becaf35c1047571c0
SSDEEP

12288:xXR2YWp551IHaDJj2bvNRQSpe+BAE28jcoc/bHJsqyCIT9H:nxI551I6DJj2bvNRQ1sAE28jM/bDMH

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2512 set thread context of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16
PID 2512 wrote to memory of 2536	2512	4021f07d5170bfbe0f3dab5eea523676.exe	16

C:\Users\Admin\AppData\Local\Temp\4021f07d5170bfbe0f3dab5eea523676.exe
"C:\Users\Admin\AppData\Local\Temp\4021f07d5170bfbe0f3dab5eea523676.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\4021f07d5170bfbe0f3dab5eea523676.exe
  "C:\Users\Admin\AppData\Local\Temp\4021f07d5170bfbe0f3dab5eea523676.exe"
  2⤵
  PID:2536

memory/2512-35-0x0000000004000000-0x0000000004071000-memory.dmp

Filesize
452KB

Download
memory/2512-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2512-5-0x0000000000090000-0x0000000000190000-memory.dmp

Filesize
1024KB

Download
memory/2536-28-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-37-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-30-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2536-38-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-24-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-20-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-16-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-10-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-7-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-12-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2536-39-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download