08de190600753439bea7a6aa08a0861159501b9a8e620dbc50c508357b0ebbfb

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 16:21

Target

89fa3437958174c5e3e329ffb4c17037.exe
Size

38KB
MD5

89fa3437958174c5e3e329ffb4c17037
SHA1

4ee10e0ea9faf19b8b0b3458818170ae947794cd
SHA256

08de190600753439bea7a6aa08a0861159501b9a8e620dbc50c508357b0ebbfb
SHA512

4e1a82e61f8df5508bd9b4e8f89d024e3d6dbee9c44ac95e457eb91b21ed081889460465f3452ef7e7b5276bbde497deee3e7785b7663d781bfa24cf6cb013c1
SSDEEP

768:AjKtO6noiqLMh+mPQvVN9bud/S3uQquBM+pGA1QZL:AAZSLMFQtNIBQqoGA1QZL

Score

5^/10

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1428 set thread context of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27
PID 1428 wrote to memory of 2664	1428	89fa3437958174c5e3e329ffb4c17037.exe	27

C:\Users\Admin\AppData\Local\Temp\89fa3437958174c5e3e329ffb4c17037.exe
"C:\Users\Admin\AppData\Local\Temp\89fa3437958174c5e3e329ffb4c17037.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Users\Admin\AppData\Local\Temp\89fa3437958174c5e3e329ffb4c17037.exe
  "C:\Users\Admin\AppData\Local\Temp\89fa3437958174c5e3e329ffb4c17037.exe"
  2⤵
  PID:2664

memory/1428-1-0x00000000001C0000-0x00000000001D0000-memory.dmp

Filesize
64KB

Download
memory/1428-0-0x0000000001600000-0x0000000001610000-memory.dmp

Filesize
64KB

Download
memory/1428-12-0x0000000001600000-0x0000000001610000-memory.dmp

Filesize
64KB

Download
memory/2664-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2664-3-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2664-4-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2664-6-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2664-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2664-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download