32c90cd2cf306e8f4436ad11fcda9a872420694ba5961716b6abc6c4d8feea73

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 18:11

Target

72b4cf31ad43c079785c4b015c46d88b.exe
Size

316KB
MD5

72b4cf31ad43c079785c4b015c46d88b
SHA1

9c676acb9f4626d7a9aaeeeedf8e38a23e89c709
SHA256

32c90cd2cf306e8f4436ad11fcda9a872420694ba5961716b6abc6c4d8feea73
SHA512

19a1a2ef306443c941c2cb23115dc767233211661846b30c3eccdc58c968043afefbf1ed12575c4eca07bdcb25441207bea2e50f1dc31c89e9dbe245a8606ee1
SSDEEP

6144:77vjeoTBoGttTiJz92aSF1Fxv4gxc7b3O+PIIhrAB3J4tAOb/ZY3o:7xiJ/SVNChsJODb4o

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 308 set thread context of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28
PID 308 wrote to memory of 1768	308	72b4cf31ad43c079785c4b015c46d88b.exe	28

C:\Users\Admin\AppData\Local\Temp\72b4cf31ad43c079785c4b015c46d88b.exe
"C:\Users\Admin\AppData\Local\Temp\72b4cf31ad43c079785c4b015c46d88b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:308
- C:\Users\Admin\AppData\Local\Temp\72b4cf31ad43c079785c4b015c46d88b.exe
  "C:\Users\Admin\AppData\Local\Temp\72b4cf31ad43c079785c4b015c46d88b.exe"
  2⤵
  PID:1768

memory/308-0-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/308-3-0x0000000000340000-0x0000000000395000-memory.dmp

Filesize
340KB

Download
memory/308-13-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1768-1-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-4-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-6-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-8-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1768-12-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-15-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-16-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/1768-17-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download