c5e71ca1dcfe7975449a25d339036f3720b0b72aa52d8794b024442216487a4d

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23-01-2024 07:21

Target

tmp.exe
Size

1.4MB
MD5

9e1d9449d92d69c51a605225410f46f9
SHA1

f6e4d110f48bb4264097dd3101ef791f2c3d01b0
SHA256

c5e71ca1dcfe7975449a25d339036f3720b0b72aa52d8794b024442216487a4d
SHA512

000904eeacc9cc086a9f666dc8cca356e4d1a0ec0fc79dd9032c1b37399a8d75585d4a9b874ca161a38675afe69fceb817482afba75f0e09fc11169fdf16227c
SSDEEP

24576:N8tYzPKod2UyOtEIh85b6vBIFPocvBlcjPPdoCmNIqS2IR0QQPyMzMZB84D:N8tOPKjp017vBIRvBluPdoCmNM2y08CU

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

Processes:

tmp.exe

description pid process target process

PID 1720 set thread context of 2060 1720 tmp.exe cmd.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

tmp.execmd.exe

pid process

1720 tmp.exe
1720 tmp.exe
2060 cmd.exe
2060 cmd.exe
Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

tmp.execmd.exe

pid process

1720 tmp.exe
2060 cmd.exe

description	pid	process	target process
PID 1720 set thread context of 2060	1720	tmp.exe	cmd.exe

pid	process
1720	tmp.exe
2060	cmd.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

tmp.execmd.exe

description	pid	process	target process
PID 1720 wrote to memory of 2060	1720	tmp.exe	cmd.exe
PID 1720 wrote to memory of 2060	1720	tmp.exe	cmd.exe
PID 1720 wrote to memory of 2060	1720	tmp.exe	cmd.exe
PID 1720 wrote to memory of 2060	1720	tmp.exe	cmd.exe
PID 1720 wrote to memory of 2060	1720	tmp.exe	cmd.exe
PID 2060 wrote to memory of 2832	2060	cmd.exe	tmp.exe
PID 2060 wrote to memory of 2832	2060	cmd.exe	tmp.exe
PID 2060 wrote to memory of 2832	2060	cmd.exe	tmp.exe
PID 2060 wrote to memory of 2832	2060	cmd.exe	tmp.exe
PID 2060 wrote to memory of 2832	2060	cmd.exe	tmp.exe

C:\Users\Admin\AppData\Local\Temp\1dbad906

Filesize
1004KB

MD5
2e999a593bc636ed2d10691f4f913926

SHA1
03cedc72a2a49b9a6b62768f72fe838cfb521fee

SHA256
6d624d9a139dd7d2a09ae186d66201cc1a90f83ff7a59ff49d1d950b043fb51d

SHA512
54c36b2d234f7664cc3e3ce380453026606e13e06b43dbc4d72f19c7abf8f9a3cea9a7b8ea75a728a149f6853d1fa5b5e1e492b16d403c77a6336b458e43e81b

Download Submit
memory/1720-0-0x000000013FEB0000-0x000000014000F000-memory.dmp

Filesize
1.4MB

Download
memory/1720-1-0x000007FEF6DF0000-0x000007FEF6F48000-memory.dmp

Filesize
1.3MB

Download
memory/1720-2-0x000007FEF6DF0000-0x000007FEF6F48000-memory.dmp

Filesize
1.3MB

Download
memory/1720-3-0x000007FEF6DF0000-0x000007FEF6F48000-memory.dmp

Filesize
1.3MB

Download
memory/2060-7-0x0000000074F50000-0x00000000750C4000-memory.dmp

Filesize
1.5MB

Download
memory/2060-6-0x0000000077740000-0x00000000778E9000-memory.dmp

Filesize
1.7MB

Download
memory/2060-8-0x0000000074F50000-0x00000000750C4000-memory.dmp

Filesize
1.5MB

Download
memory/2060-10-0x0000000074F50000-0x00000000750C4000-memory.dmp

Filesize
1.5MB

Download
memory/2832-11-0x0000000140000000-0x000000014005A000-memory.dmp

Filesize
360KB

Download
memory/2832-13-0x0000000140000000-0x000000014005A000-memory.dmp

Filesize
360KB

Download
memory/2832-14-0x000000013F720000-0x000000013F87F000-memory.dmp

Filesize
1.4MB

Download
memory/2832-15-0x000000013F720000-0x000000013F87F000-memory.dmp

Filesize
1.4MB

Download