fc4253fe50d2568ddc852b8dff564c4116b619e847cb45346aff55f5716969b7

Analysis

max time kernel
150s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 11:23

Target

5b1e098bdd6b478737efe4e613bb9594.exe
Size

113KB
MD5

5b1e098bdd6b478737efe4e613bb9594
SHA1

b1199381fece709c16b3891a5bbf233214ff55e2
SHA256

fc4253fe50d2568ddc852b8dff564c4116b619e847cb45346aff55f5716969b7
SHA512

19febcee062cf160f278367f9c9b73282cc8e58121c9a7a4059c2df340626ceefddc605d144805f8af108e4047d8c69c434e899e0021e5d7be465f8b654f112d
SSDEEP

1536:sjKJfhGPOAvgwDi+8PUHQubVS71SOBKbxN3eZzl42aeHLGyJMxd:E0fhGPZvg0gUHdbVISdxr8GyJ4d

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1544 set thread context of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28

Suspicious behavior: EnumeratesProcesses 30 IoCs

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28
PID 1544 wrote to memory of 2180	1544	5b1e098bdd6b478737efe4e613bb9594.exe	28

C:\Users\Admin\AppData\Local\Temp\5b1e098bdd6b478737efe4e613bb9594.exe
"C:\Users\Admin\AppData\Local\Temp\5b1e098bdd6b478737efe4e613bb9594.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Users\Admin\AppData\Local\Temp\5b1e098bdd6b478737efe4e613bb9594.exe
  "C:\Users\Admin\AppData\Local\Temp\5b1e098bdd6b478737efe4e613bb9594.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180

memory/2180-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-2-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-4-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-6-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-8-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-10-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-12-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2180-13-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download