53ee3360915889c00c6ebd8bd96c1fb8836f022075899a339f9d5f094519975c

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 06:12

Target

797aab994063f402237de3c14ea8b370.exe
Size

27KB
MD5

797aab994063f402237de3c14ea8b370
SHA1

308840d4ac5653430794e67ba886ee3a4e4a2c27
SHA256

53ee3360915889c00c6ebd8bd96c1fb8836f022075899a339f9d5f094519975c
SHA512

c1feb42b7212433614e23e4ebf62c1d0e1e83d815d6ee2effcee9f2d1810d73602c59ff0472f41b8d9ae75e7482acd2d1d4560adc1271b2e56c05b7c0ab35f63
SSDEEP

768:qCyAqlYmQTDwrzTSkIjOsUUQSdwk4IWRZn:KAqlYmQTsEUUQSTE

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1796 set thread context of 856	1796	797aab994063f402237de3c14ea8b370.exe	28

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28
PID 1796 wrote to memory of 856	1796	797aab994063f402237de3c14ea8b370.exe	28

C:\Users\Admin\AppData\Local\Temp\797aab994063f402237de3c14ea8b370.exe
"C:\Users\Admin\AppData\Local\Temp\797aab994063f402237de3c14ea8b370.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\797aab994063f402237de3c14ea8b370.exe
  "C:\Users\Admin\AppData\Local\Temp\797aab994063f402237de3c14ea8b370.exe"
  2⤵
  PID:856

memory/856-0-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-2-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-4-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-7-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-10-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/856-18-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/856-19-0x0000000000400000-0x0000000000405000-memory.dmp

Filesize
20KB

Download
memory/1796-17-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download