28491a67f887f7b150f741b3f5a1277a2e9cd3c8861e768c50f10581d8b7b485

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 05:09

Target

66c7bed4d15ebcd0c3bb591032bec48c.exe
Size

95KB
MD5

66c7bed4d15ebcd0c3bb591032bec48c
SHA1

c68c78844d90896154acd9e623e8ff5687d5e194
SHA256

28491a67f887f7b150f741b3f5a1277a2e9cd3c8861e768c50f10581d8b7b485
SHA512

88cc314673f9932e808b00056efea371d8210e8c5df4146f22f32353cbdec13e2ef6220bde18d839d3d0d7231a7d17983df3c5a4fc0dc0c55807e00244cfce4b
SSDEEP

1536:/ZfQAm/nNfG5EoQ1rAbHwIUul9+hbdqQWYAxptV249wUn5D:RI1/gIAgC+hbBWYEjV2w

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2400 set thread context of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28
PID 2400 wrote to memory of 2932	2400	66c7bed4d15ebcd0c3bb591032bec48c.exe	28

C:\Users\Admin\AppData\Local\Temp\66c7bed4d15ebcd0c3bb591032bec48c.exe
"C:\Users\Admin\AppData\Local\Temp\66c7bed4d15ebcd0c3bb591032bec48c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\userinit.exe
  "C:\Windows\system32\userinit.exe"
  2⤵
  PID:2932

memory/2400-26-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-7-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-11-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-21-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2932-22-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download