33e409cda36c367fd612f13bbbf77ccebd627761064e4d138e23e7d8821297fe

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 10:54

Target

b48816e96d7af5d510e892b79eadc595.exe
Size

225KB
MD5

b48816e96d7af5d510e892b79eadc595
SHA1

271f42eea493d0a9412bae8a3e839b5a959431ec
SHA256

33e409cda36c367fd612f13bbbf77ccebd627761064e4d138e23e7d8821297fe
SHA512

1a4f41e549d4e8b608153bdaac1e81d54fb37c056a8c94c9c71daa0d0bc4ee32b3d6dac07c9ed8c8279d70c6a9c9fb58576b3d5cf858b1de96a01ce8143dc4f6
SSDEEP

3072:h9NzY2Ezw0DhpbhLNhNHfx6k2iytbuBvD6qkYrTRlXK2Bcc8yr:TZYnw0hT3ZfxhH2uBvD6Wl68cc8E

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2772	b48816e96d7af5d510e892b79eadc595.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2772	b48816e96d7af5d510e892b79eadc595.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 1192	2772	b48816e96d7af5d510e892b79eadc595.exe	21
PID 2772 wrote to memory of 1192	2772	b48816e96d7af5d510e892b79eadc595.exe	21
PID 2772 wrote to memory of 1192	2772	b48816e96d7af5d510e892b79eadc595.exe	21
PID 2772 wrote to memory of 1192	2772	b48816e96d7af5d510e892b79eadc595.exe	21

memory/1192-0-0x0000000002A20000-0x0000000002A21000-memory.dmp

Filesize
4KB

Download
memory/2772-1-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2772-3-0x0000000000020000-0x000000000003C000-memory.dmp

Filesize
112KB

Download
memory/2772-6-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download